5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b

Analysis

max time kernel
149s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/10/2024, 01:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
Size

897KB
MD5

d9f8c3112fa16b9c170a349c0aa6285f
SHA1

793ad3149d3d4eafe1036b3b381596bcd8f4e54b
SHA256

5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b
SHA512

fc2803deed529e75cb7d97cc7abc1bee10ce2538aa9e7d7953d7a0a66b4721bae2ca5e1515e02da11fa236f1938cb14ff7adcc8beef97e5a8e4fe015098c221f
SSDEEP

24576:mqDEvCTbMWu7rQYlBQcBiT6rprG8a4AK:mTvC/MTQYxsWR7a4

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
2180	taskkill.exe
1064	taskkill.exe
3388	taskkill.exe
2008	taskkill.exe
3208	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133725647749485905"	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4876	chrome.exe
4876	chrome.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4876	chrome.exe
4876	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3208	taskkill.exe
Token: SeDebugPrivilege	2180	taskkill.exe
Token: SeDebugPrivilege	1064	taskkill.exe
Token: SeDebugPrivilege	3388	taskkill.exe
Token: SeDebugPrivilege	2008	taskkill.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4608 wrote to memory of 3208	4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe	82
PID 4608 wrote to memory of 3208	4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe	82
PID 4608 wrote to memory of 3208	4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe	82
PID 4608 wrote to memory of 2180	4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe	85
PID 4608 wrote to memory of 2180	4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe	85
PID 4608 wrote to memory of 2180	4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe	85
PID 4608 wrote to memory of 1064	4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe	87
PID 4608 wrote to memory of 1064	4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe	87
PID 4608 wrote to memory of 1064	4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe	87
PID 4608 wrote to memory of 3388	4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe	89
PID 4608 wrote to memory of 3388	4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe	89
PID 4608 wrote to memory of 3388	4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe	89
PID 4608 wrote to memory of 2008	4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe	91
PID 4608 wrote to memory of 2008	4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe	91
PID 4608 wrote to memory of 2008	4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe	91
PID 4608 wrote to memory of 4876	4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe	93
PID 4608 wrote to memory of 4876	4608	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe	93
PID 4876 wrote to memory of 2532	4876	chrome.exe	94
PID 4876 wrote to memory of 2532	4876	chrome.exe	94
PID 4876 wrote to memory of 4784	4876	chrome.exe	95
PID 4876 wrote to memory of 4784	4876	chrome.exe	95
PID 4876 wrote to memory of 4784	4876	chrome.exe	95
PID 4876 wrote to memory of 4784	4876	chrome.exe	95
PID 4876 wrote to memory of 4784	4876	chrome.exe	95
PID 4876 wrote to memory of 4784	4876	chrome.exe	95
PID 4876 wrote to memory of 4784	4876	chrome.exe	95
PID 4876 wrote to memory of 4784	4876	chrome.exe	95
PID 4876 wrote to memory of 4784	4876	chrome.exe	95
PID 4876 wrote to memory of 4784	4876	chrome.exe	95
PID 4876 wrote to memory of 4784	4876	chrome.exe	95
PID 4876 wrote to memory of 4784	4876	chrome.exe	95
PID 4876 wrote to memory of 4784	4876	chrome.exe	95
PID 4876 wrote to memory of 4784	4876	chrome.exe	95
PID 4876 wrote to memory of 4784	4876	chrome.exe	95
PID 4876 wrote to memory of 4784	4876	chrome.exe	95
PID 4876 wrote to memory of 4784	4876	chrome.exe	95
PID 4876 wrote to memory of 4784	4876	chrome.exe	95
PID 4876 wrote to memory of 4784	4876	chrome.exe	95
PID 4876 wrote to memory of 4784	4876	chrome.exe	95
PID 4876 wrote to memory of 4784	4876	chrome.exe	95
PID 4876 wrote to memory of 4784	4876	chrome.exe	95
PID 4876 wrote to memory of 4784	4876	chrome.exe	95
PID 4876 wrote to memory of 4784	4876	chrome.exe	95
PID 4876 wrote to memory of 4784	4876	chrome.exe	95
PID 4876 wrote to memory of 4784	4876	chrome.exe	95
PID 4876 wrote to memory of 4784	4876	chrome.exe	95
PID 4876 wrote to memory of 4784	4876	chrome.exe	95
PID 4876 wrote to memory of 4784	4876	chrome.exe	95
PID 4876 wrote to memory of 4784	4876	chrome.exe	95
PID 4876 wrote to memory of 4860	4876	chrome.exe	96
PID 4876 wrote to memory of 4860	4876	chrome.exe	96
PID 4876 wrote to memory of 1864	4876	chrome.exe	97
PID 4876 wrote to memory of 1864	4876	chrome.exe	97
PID 4876 wrote to memory of 1864	4876	chrome.exe	97
PID 4876 wrote to memory of 1864	4876	chrome.exe	97
PID 4876 wrote to memory of 1864	4876	chrome.exe	97
PID 4876 wrote to memory of 1864	4876	chrome.exe	97
PID 4876 wrote to memory of 1864	4876	chrome.exe	97
PID 4876 wrote to memory of 1864	4876	chrome.exe	97
PID 4876 wrote to memory of 1864	4876	chrome.exe	97
PID 4876 wrote to memory of 1864	4876	chrome.exe	97
PID 4876 wrote to memory of 1864	4876	chrome.exe	97
PID 4876 wrote to memory of 1864	4876	chrome.exe	97
PID 4876 wrote to memory of 1864	4876	chrome.exe	97

C:\Users\Admin\AppData\Local\Temp\5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe
"C:\Users\Admin\AppData\Local\Temp\5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4608
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3208
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2180
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1064
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3388
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4876
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff82314cc40,0x7ff82314cc4c,0x7ff82314cc58
    3⤵
    PID:2532
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1800,i,12623077314760482966,4788738987939055984,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1808 /prefetch:2
    3⤵
    PID:4784
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2144,i,12623077314760482966,4788738987939055984,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2208 /prefetch:3
    3⤵
    PID:4860
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,12623077314760482966,4788738987939055984,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2464 /prefetch:8
    3⤵
    PID:1864
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,12623077314760482966,4788738987939055984,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3264 /prefetch:1
    3⤵
    PID:2464
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,12623077314760482966,4788738987939055984,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3308 /prefetch:1
    3⤵
    PID:768
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4488,i,12623077314760482966,4788738987939055984,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4648 /prefetch:8
    3⤵
    PID:3464
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4844,i,12623077314760482966,4788738987939055984,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4836 /prefetch:8
    3⤵
    PID:2644
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4808,i,12623077314760482966,4788738987939055984,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4668 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:456

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3212

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
43aa7f2a2b8105d3dd3aa86687c0fc6f

SHA1
909a50272217527a85c22d89e6b5e0a3949b9b80

SHA256
aacf46b4f5b802fba14da3e3b06a5f5c0cda6cb11db947299fc42acc97353cd0

SHA512
abf7c41bae6c2119548564090860a3b10a867cd28fe68d9e6d5e9a9db4956d9c81c8395142baa11791744077aaeddd31ab257892d9cafcb960cd85b62ea6dcd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
c309725f5daf96b5e9d20b8c9d0e056d

SHA1
641c39c03570e5ebe8d8419e0edb51c51cd5163a

SHA256
7deb2d061d5c4061051f0885477afdc9218dcba3d7b047830791eee3dd5445bf

SHA512
c042db4a07c11602857790012c2f99b7f87be72fde520bf89913df3d85b3a084df8efd5edd2c79a1e83e16da159e47dca16fcaa26b6183c10c3682bcee8f122b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
535a4bb2b64956817a29297d10b550f6

SHA1
1733b0040ee0a4df49a4ec18da80b705dbc104df

SHA256
bcad931f5c73263962a3396663439499bb968b8eb4801afe6e7a2a5c7111963b

SHA512
a9e973696204a5b9d1eb2887c845535b81db0ca5c29262620a5a2659ff41b463684ed8832e79c4ccf7ee0e927c64fe7e7c9350dd7165a26b51f7e3b61596c897

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c2364523fc812673a4cac950976658ab

SHA1
494eb949045e330c12c93f54495ef996c6214332

SHA256
bac2bf9ca25d9b667858f31cc0bd1c87edb31a99ebd1c59247eca64320e57977

SHA512
b930037c73815847de847ed427960cb54ff58853f0adaa49d0966ab55ffbb67522b6e51d52f501f03d5ac33abda17fc91a7333287a3fb6715b08140de7a9fd5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
c090c8e10b4dfcb2548a6f0accfd8c7e

SHA1
91a72d0deb81ef7410f681fc31589a58fe7835ca

SHA256
b7d778919a157ee0d76589ec8e3858fa3ac290a9b76b3bf0fb2c0f99f43f97bf

SHA512
61d68cf0237c7cf99ac398a0fcd48b4a100ba723198515f4751163848109dc4d92a19df3c4832e761467fb9cfa36cf7d7d3daa3e4f1a93254709c7b0364d2c08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
456b492901f79390c8a505a015ff32e0

SHA1
a05fba214ea76b7f332dcee37d9c66c15402aee5

SHA256
27454a9ba72294c38e3e0f7b7bfe634feb39a0c8f8d3730bd2917ec5774e3967

SHA512
9f042d3bfed259644f6b81abda8b3cd9a2f898604c1c027dc746b76c940ca5b3ca3d42a420aac058e8a6aaac386939c2bf3c16a753cbcd26f6af12f8b5b2d341

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1f46833461d098f856a02ebc21a68b23

SHA1
f32a3e2ba51c3887abbf965f0b793db1ef6b3160

SHA256
324ce512ed202568219d277a2629cb57bfe68c98b9885db5599e37a6bae393c8

SHA512
613c2cfc71d0a7bc517903616d57eaab6e7bba52adda03b27ff3399bef87240e6e72348cc21f3ba172967489823c31579b3c9ccb5dfe7b3f734d1f091c59138e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
faf3cd241d97090ec0b869e9d7440567

SHA1
ddc47d88a560b10b192155e178f744f943726759

SHA256
7be53e1d263f574e211446c8c52ac428242fd67dd6997f19717fa5e151ea28e3

SHA512
6826eb33eff50746c74b879543e6eedac63846c1f75bb75f00b719106e5297c22660333fca7e5e6e5cceb01af96727ca4ee4c6a952915e62bb56342639b38825

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0721c6b0bdb534ca81fa82128eaa605d

SHA1
ae3e4e3ba645f1f52c5471d762b77a4d3eedce80

SHA256
0f8cde2f4efeb297812c0937841e5d45ac1b65a12f860fb381673c0bad026d1a

SHA512
ac22789df65f4d8ef9927282b85167a882d91bb25f0500b4c9a1e5647c4c67e76026057fdb8cd60cbe0fee12bf36a45354e557f0b902f2ec8bb2fbe7ae3d2fb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
2c33e6396568b5a1e3083b65fe9f617d

SHA1
1b854f220958c598b974c5201bcd8a61b067101e

SHA256
e375745098e722696e247f4e22e9f1b9b4ab540a4cb422550d2d66c04f50eb0c

SHA512
60a5f6edf53025b46834424801c0f5689b51d09a2fe6d620fcb6d0e671e168496d901cf64b888e5090d6ebb19190043f9564961659b077a7da122d802ab5f014

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
f4b75d3f25d331bfe286706d76640786

SHA1
5ce6e4d9662cac40f2bf016f5368e1ed3a0a2db5

SHA256
7ebf46f0ad0057693c082ab10d4e2ca4e4dde345c9e67e3edfedc5a360150be5

SHA512
284264b801e88a53c0109d928ae15a641285edd2489110d96101c66c291df21c4a93b1b33ae594269cac0ea0a3c2c605cf51452233edc5da9ab8c02d8ea5bdf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
862ea919f3fc3f343abe69ecb7122921

SHA1
23b845f703c911f594fab8605cb6318943a5406e

SHA256
b5b0f191ec5008a42bffff5df11549bdd058acb42019090cd9a1b226dec4ce13

SHA512
56cf390b46ef76d8c9f7ee6b6a9472b0078fdc7bb7820dbe2f67667d95bceb3a1b5beac9d002c12f1fa70795479d19a62fef7407b9ca409b981849cc1b0995be

Download Submit