hxxps://drive[.]google[.]com/drive/folders/1yQcPmp8g-vnjU4Bk6fzClWjuU8qZ88J1?usp=sharing

Analysis

max time kernel
150s
max time network
151s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
03/10/2024, 14:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1yQcPmp8g-vnjU4Bk6fzClWjuU8qZ88J1?usp=sharing

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
2144	winrar-x64-701.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
3	drive.google.com
4	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133724382595096780"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3368	chrome.exe
3368	chrome.exe
4416	chrome.exe
4416	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3140	OpenWith.exe
3140	OpenWith.exe
3140	OpenWith.exe
2144	winrar-x64-701.exe
2144	winrar-x64-701.exe
2144	winrar-x64-701.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3368 wrote to memory of 2356	3368	chrome.exe	73
PID 3368 wrote to memory of 2356	3368	chrome.exe	73
PID 3368 wrote to memory of 2004	3368	chrome.exe	75
PID 3368 wrote to memory of 2004	3368	chrome.exe	75
PID 3368 wrote to memory of 2004	3368	chrome.exe	75
PID 3368 wrote to memory of 2004	3368	chrome.exe	75
PID 3368 wrote to memory of 2004	3368	chrome.exe	75
PID 3368 wrote to memory of 2004	3368	chrome.exe	75
PID 3368 wrote to memory of 2004	3368	chrome.exe	75
PID 3368 wrote to memory of 2004	3368	chrome.exe	75
PID 3368 wrote to memory of 2004	3368	chrome.exe	75
PID 3368 wrote to memory of 2004	3368	chrome.exe	75
PID 3368 wrote to memory of 2004	3368	chrome.exe	75
PID 3368 wrote to memory of 2004	3368	chrome.exe	75
PID 3368 wrote to memory of 2004	3368	chrome.exe	75
PID 3368 wrote to memory of 2004	3368	chrome.exe	75
PID 3368 wrote to memory of 2004	3368	chrome.exe	75
PID 3368 wrote to memory of 2004	3368	chrome.exe	75
PID 3368 wrote to memory of 2004	3368	chrome.exe	75
PID 3368 wrote to memory of 2004	3368	chrome.exe	75
PID 3368 wrote to memory of 2004	3368	chrome.exe	75
PID 3368 wrote to memory of 2004	3368	chrome.exe	75
PID 3368 wrote to memory of 2004	3368	chrome.exe	75
PID 3368 wrote to memory of 2004	3368	chrome.exe	75
PID 3368 wrote to memory of 2004	3368	chrome.exe	75
PID 3368 wrote to memory of 2004	3368	chrome.exe	75
PID 3368 wrote to memory of 2004	3368	chrome.exe	75
PID 3368 wrote to memory of 2004	3368	chrome.exe	75
PID 3368 wrote to memory of 2004	3368	chrome.exe	75
PID 3368 wrote to memory of 2004	3368	chrome.exe	75
PID 3368 wrote to memory of 2004	3368	chrome.exe	75
PID 3368 wrote to memory of 2004	3368	chrome.exe	75
PID 3368 wrote to memory of 2004	3368	chrome.exe	75
PID 3368 wrote to memory of 2004	3368	chrome.exe	75
PID 3368 wrote to memory of 2004	3368	chrome.exe	75
PID 3368 wrote to memory of 2004	3368	chrome.exe	75
PID 3368 wrote to memory of 2004	3368	chrome.exe	75
PID 3368 wrote to memory of 2004	3368	chrome.exe	75
PID 3368 wrote to memory of 2004	3368	chrome.exe	75
PID 3368 wrote to memory of 2004	3368	chrome.exe	75
PID 3368 wrote to memory of 4764	3368	chrome.exe	76
PID 3368 wrote to memory of 4764	3368	chrome.exe	76
PID 3368 wrote to memory of 96	3368	chrome.exe	77
PID 3368 wrote to memory of 96	3368	chrome.exe	77
PID 3368 wrote to memory of 96	3368	chrome.exe	77
PID 3368 wrote to memory of 96	3368	chrome.exe	77
PID 3368 wrote to memory of 96	3368	chrome.exe	77
PID 3368 wrote to memory of 96	3368	chrome.exe	77
PID 3368 wrote to memory of 96	3368	chrome.exe	77
PID 3368 wrote to memory of 96	3368	chrome.exe	77
PID 3368 wrote to memory of 96	3368	chrome.exe	77
PID 3368 wrote to memory of 96	3368	chrome.exe	77
PID 3368 wrote to memory of 96	3368	chrome.exe	77
PID 3368 wrote to memory of 96	3368	chrome.exe	77
PID 3368 wrote to memory of 96	3368	chrome.exe	77
PID 3368 wrote to memory of 96	3368	chrome.exe	77
PID 3368 wrote to memory of 96	3368	chrome.exe	77
PID 3368 wrote to memory of 96	3368	chrome.exe	77
PID 3368 wrote to memory of 96	3368	chrome.exe	77
PID 3368 wrote to memory of 96	3368	chrome.exe	77
PID 3368 wrote to memory of 96	3368	chrome.exe	77
PID 3368 wrote to memory of 96	3368	chrome.exe	77
PID 3368 wrote to memory of 96	3368	chrome.exe	77
PID 3368 wrote to memory of 96	3368	chrome.exe	77

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/drive/folders/1yQcPmp8g-vnjU4Bk6fzClWjuU8qZ88J1?usp=sharing
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff965119758,0x7ff965119768,0x7ff965119778
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1788,i,2119160651723418772,5006437236134565074,131072 /prefetch:2
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 --field-trial-handle=1788,i,2119160651723418772,5006437236134565074,131072 /prefetch:8
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2072 --field-trial-handle=1788,i,2119160651723418772,5006437236134565074,131072 /prefetch:8
  2⤵
  PID:96
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2836 --field-trial-handle=1788,i,2119160651723418772,5006437236134565074,131072 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2844 --field-trial-handle=1788,i,2119160651723418772,5006437236134565074,131072 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 --field-trial-handle=1788,i,2119160651723418772,5006437236134565074,131072 /prefetch:8
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 --field-trial-handle=1788,i,2119160651723418772,5006437236134565074,131072 /prefetch:8
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 --field-trial-handle=1788,i,2119160651723418772,5006437236134565074,131072 /prefetch:8
  2⤵
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 --field-trial-handle=1788,i,2119160651723418772,5006437236134565074,131072 /prefetch:8
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5284 --field-trial-handle=1788,i,2119160651723418772,5006437236134565074,131072 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5440 --field-trial-handle=1788,i,2119160651723418772,5006437236134565074,131072 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5620 --field-trial-handle=1788,i,2119160651723418772,5006437236134565074,131072 /prefetch:8
  2⤵
  PID:820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5736 --field-trial-handle=1788,i,2119160651723418772,5006437236134565074,131072 /prefetch:8
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5480 --field-trial-handle=1788,i,2119160651723418772,5006437236134565074,131072 /prefetch:8
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5988 --field-trial-handle=1788,i,2119160651723418772,5006437236134565074,131072 /prefetch:8
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5364 --field-trial-handle=1788,i,2119160651723418772,5006437236134565074,131072 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2860 --field-trial-handle=1788,i,2119160651723418772,5006437236134565074,131072 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=916 --field-trial-handle=1788,i,2119160651723418772,5006437236134565074,131072 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5584 --field-trial-handle=1788,i,2119160651723418772,5006437236134565074,131072 /prefetch:8
  2⤵
  PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1580 --field-trial-handle=1788,i,2119160651723418772,5006437236134565074,131072 /prefetch:8
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5620 --field-trial-handle=1788,i,2119160651723418772,5006437236134565074,131072 /prefetch:8
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5228 --field-trial-handle=1788,i,2119160651723418772,5006437236134565074,131072 /prefetch:8
  2⤵
  PID:2292
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 --field-trial-handle=1788,i,2119160651723418772,5006437236134565074,131072 /prefetch:8
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4684 --field-trial-handle=1788,i,2119160651723418772,5006437236134565074,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=2344 --field-trial-handle=1788,i,2119160651723418772,5006437236134565074,131072 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1580 --field-trial-handle=1788,i,2119160651723418772,5006437236134565074,131072 /prefetch:8
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5688 --field-trial-handle=1788,i,2119160651723418772,5006437236134565074,131072 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6028 --field-trial-handle=1788,i,2119160651723418772,5006437236134565074,131072 /prefetch:8
  2⤵
  PID:1180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5296 --field-trial-handle=1788,i,2119160651723418772,5006437236134565074,131072 /prefetch:8
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4756 --field-trial-handle=1788,i,2119160651723418772,5006437236134565074,131072 /prefetch:8
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5784 --field-trial-handle=1788,i,2119160651723418772,5006437236134565074,131072 /prefetch:1
  2⤵
  PID:2096

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1180

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
28KB

MD5
78fbaa6c69ccc961b8ec438a8588001b

SHA1
990c7f85fd6739a39ceb934cacbddd8ca7672627

SHA256
708cc85c1b714f37d78a73e237276b2525f644e3e5ab935d7671368f21c2d4d9

SHA512
c9b167bc97e6a65745576831721bc21c1ebb4ea9545643f2af6e7b4879b5930db85991013a12a8debf645f3b152b9c27afa619c245e21d35d9cd66b1347a0aa1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
62KB

MD5
9666d74b18f57389ee2d3dee5073f71a

SHA1
1830bc2670e616a1da1af27157159e6677a5ad63

SHA256
6fcb1e788f9a12b8ad937172802c41475f2180906db38d6507a3af6a2b721cae

SHA512
69ea6d6080b3ac00f4c4fcf9e00c9e16bd2c3373073f7dde3b1735fabeaaed1e7f8b76113e5ed2b9df08d089ca33ec367c595312f0c2f6e0fbad364464bc989b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
606ab7dfbb07877b624d2901826a884a

SHA1
5b14cd32ae586055bb3b304b9b3f4cb9051db170

SHA256
f4a91b59126ba986c419e84df24cdf3bc47261f4aab5d32ee47f59cfdc01cfe1

SHA512
a63d18362b9ba2f4ea1e6f40b02b5bdb81638d5375253c1d2308198d9c7f963f3733bf2c11e20c0e21834d77cf4c29ec5147eb5e313d14889f32052ad15f29da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2bde74dc26e0885d06a2ba60f4f16a55

SHA1
04e0e1548b8c0e27dca59e7cd269043f4f0fafdf

SHA256
bf25bd2060911a7b5eaaa151d6c132f9de019b3c1ebc5368070b7ce76d79f686

SHA512
79ee8e0ae84fbafe23e83dbee9d70b200a099446c7142efef4194b2d2a41ed8fa9af7dbf40cdd746d242cf9b85021f4dff329706f450d7758d83126a4bf44395

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
96bf0dc431e3075606f810f765b6308a

SHA1
6f307bf0c794c8c5fe2e4481dfaedfa5b940b5ca

SHA256
fbb09ea5f04ae646399ae4c02796f549b5e11c1d39378880f221ef00f3c2be2e

SHA512
51c3ed73770756a28e3a5c80184860cd2abead2971a61353b16df1a798b0ad8cbf9320f113369f576b7e9bf6916b067e553b6beb084823adc8781f026b4ee8b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
63b16af735d2b4dacd8d0bf47200e88e

SHA1
5eb0798c2d0561273f8a46b9000fe2defe3caa2e

SHA256
59aa3fadad85184475d5a9c477dd46d8c6df2716dd37d17749138c195c540ac5

SHA512
2e35a93313d1ba7cec06a11cdcd5fe602d21deaa15d1a4a399d02214b3138e412c25f1131a0b3ef3396a167afb7b32511676f1403d68104bea17331d4fa5e15a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
919558332f96303f60dfd49d9f962a3e

SHA1
cfd2919d4a23dbde3edd961f4f929619c71b5f8e

SHA256
7c8782572aac5030b815c94d6d750a074028d03cd4aac61b1dc24745f29ea8de

SHA512
91abf602583db53f709f377a629298cdc4f373da0a66cc1e513ea08b18be6ad56e9940d11612539e7c102cb78743f0a36792c75c80abfc2f3de83ef9234686d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3bf2f07a044837f084f10d6cbf40abc0

SHA1
2860959faf63a85fdf3a6ad2b23c167710617d18

SHA256
6888fd96ea63d2d77eef088b5f1747156af2e321571b310c4d7fc7c851f996fc

SHA512
22464c154b4292d68451f0e27b35c11323219ee2b1480977cba2ffdcfba4bb8a48b864d25200430533c93ec50e648dac3813eb5e1df15192fdce401c16a1ac0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
99773e72363a1733695e85cf606eea8e

SHA1
79b1c3763206fca5aa941722360da23ebb55d753

SHA256
c2d6f2c49ea4d4dbaae45ff9caae7009a8eeb042501ec981d2f5e0262e395ab7

SHA512
a3e6fd343583d457f0e02e27ec69f7978d17cc2dc7f215fe64b7990be1ad0de723b18fd86d04d83f464a0ac772f34f45c8db12990ce35e0c56dafc78e129effd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
092d3a0393511c635dada17b009ac3a5

SHA1
13b837d8653f2a7ebf725bac6e1e29579392d919

SHA256
1df4d2dd66fd3677e5f1c868d6e90179754df7ad43a68a8d6bfce804dec87dca

SHA512
bb4a28cac4af2fb2c5db15919f85f09ed4bf99e5dc23bacf8503c8ad6e1cbfe337433411df807a1a7494861c0361128c897a5000c62b24943ab11ef82cda5b93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a9de9ac816f58d1d54eafdc38f07c815

SHA1
ecedb16729394bc68b07337aa003a775a1fad269

SHA256
352b6f13645e7625a00531fcdcab1fe7562147714beb3523abd25f25cb00558b

SHA512
86c70725d4edb2e7e6b4b09a69e3df4ba06eea64c59c64a6ad9b17e337d15cbf0d46adc68e0b598e15729fbf017f1e91a7dee95b20e2b3cc4b457dfc2da33977

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
23adae6fabcf386c103e7725771353ff

SHA1
fb5f9df2aae62df7951742272162ad727ff8f880

SHA256
5e7e5e64b4c29fa042473fc3cfc3eb7c9a15be6457ad128e09ce62b323e1e0aa

SHA512
d8ba66b3dd6092505f0fa85b1e1f1fe4ab171b9f20c882639ae6cc1c2941dd51161519cfb751a585e69be1968ab6fa41a9e55911633195cd5d5c464b7a54457b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a11caf8875c96d64f83b0a431c1cfdec

SHA1
466d0267150af1ae4e8574606e203d1f7be2d9dd

SHA256
e341e3759793aac5fd17aedd760db05f3f3d7b857150612263a955912b558b46

SHA512
9ada93a1ad6e32f392b8c36fa5162321014f06e0a87e9495e980805ec4dd43d2183f123a20ab0c9e2d94598a346857a13997b26ec9e579b055e717623c530261

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
bf22602852a43c79738eb76684c3d4af

SHA1
70aff646fca05faeb2381a0437ee7cdb4a47e1da

SHA256
e2b21e8044c0b65f277fc9b8c28d9229bc3a363860fe95523ea3925aaa73f3df

SHA512
a85f62cf8d444998052e6563fe9049aae07598b0d00bf53e757ee0e7c63d71a4874c7142d7b5865e020e9f38b63e2b2b05ab8362b25cbb77a70cbf75203387f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bc2ab72c8728c7e7a8aed78ad792b8a0

SHA1
c0c8968d6dc2e7725f43649df605a5e98b4031b9

SHA256
15de5108b2fa2aaacf7fc18e80a97f16dcbe765cbe4534b09f6e842d588e0544

SHA512
5ae066f762c033d1000493d9f016c4665e2ef0b4815381a131206a036713cea48c8249fcdd2faf5bb1fbf5a669ce94d1fdac0217f4d52cdd6e43b65fc32e0e20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c419b97a832c2374c7366a48d87a07e4

SHA1
d9bfce69573ca6d4d311aeb5c0327b8a47d3a037

SHA256
09cc0a07bbf30117dabf72cc0fa3d0848a0dc8f0b391cc931df75760cf947ed0

SHA512
4ccbbadf5a0f21c515b8da4ae4f64fe6cfa655a0eeff97ce0b3bc4bdb5261eeb949b350444987e0f327708df3455ec476c1522dba45dc93d6a142e96e1043bef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
87215839ee56ce222694aad4a023b4b1

SHA1
1ef217d7db83de90951e474e601bfb0aac7e6c82

SHA256
6b078bd277dd8785a5d3f22518583f84a1ebbed6d1710b57a010fed07237b9f8

SHA512
d9c98a307a1736021a383b56cadeb1f3ad09ea543d2feb0373bca5430e250ffef775bca45396d53b096960de1fa2a60b4b5d8857bec793a6d61be53b34b602e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
466f38a50c71e2b390326d23a4ecb1f9

SHA1
50bf2986b50808e90e074d36362da76f2d33d20f

SHA256
244e2489a7f04f4f53f7420ce08178aa04b06d66f0e1b69e60138cb704977620

SHA512
a495f4193020ca8c6376a06edd65db1a800e21da866489122241c02f548926a523d9bf97e2ac4302ba2eb9d8094f788e1bc595a190bc9e3187017b83945bfd51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
ef89e4616f8d4aa5eb71d0437185c404

SHA1
f3005faba71df49dc6c870896bcd0c0ae3cebe45

SHA256
8756a159a3210de1060a821dd776356e9bc989a5bf51f52b3a5f21907e2e441c

SHA512
24413b2162271f40da866f33ffbdbbc10faa85ad42b669efa094e67360c40d4b393779c876451292e56731c2b732dec4cb52ef4e23b71c5b9a1ba2100dfc5675

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
b2067567b1508ee7d4c8f25a89a769fa

SHA1
0281df54fe8081f88c7c2975c04c75d051f0b11c

SHA256
99683021e799565f82424fdc1e9827924df482e14bb8312925d5f2f419faec11

SHA512
9d99deeedd4516fb7d4f3dd4a1cdce97887ec90b3b6debe90925c1b95f7b7e355142b910ab3369970b4ae5c5a6b04fa64b182de4a35c14426f097f4bb646d526

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57f491.TMP

Filesize
93KB

MD5
68adf1fe42d1d790b44a54866e974c89

SHA1
d4ab6803cd2601b3b79913c07e84ed5c7a7ef0f9

SHA256
09513f55bd87d878af8ae02970973e0ac70c935cd76d195236c8a543a6d0e286

SHA512
9a55f7fc0d88a088e75234855524d87452550fcd6138f9c1b977819eed0fc3d0f82c194d4987dfe9be10fb61ebef08425dab686e62658c615ce2e91039b6669c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Fra septiembre CGM.rar.crdownload

Filesize
666KB

MD5
a13ce859ac80c8d3b26a61a765ab6fc9

SHA1
35b200880eeea2ff3758ea8eb63b299cdf2fc19c

SHA256
b774b34bb4e9aeb33bdfaaee232aaf17ebf666aa642056eac78c11d4ea43937d

SHA512
4fd400fec3cd0d32dc34b1a2c58e74c41e0c7a85aec291c03782a04ce573334bafdfe9774a6e9e656aa45fef6b9cb83d9c3b6cb8612ccfa123a0e985a5fae04a

Download Submit
C:\Users\Admin\Downloads\winrar-x64-701.exe

Filesize
3.8MB

MD5
46c17c999744470b689331f41eab7df1

SHA1
b8a63127df6a87d333061c622220d6d70ed80f7c

SHA256
c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

SHA512
4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

Download Submit