8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400

Analysis

max time kernel
150s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/10/2024, 07:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
Size

897KB
MD5

52d6a4fc5717a6afd12843d7dc01b43d
SHA1

6e643ad30e60c95c0c5093670bd40f77e078284f
SHA256

8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400
SHA512

701e1f966239eb8e133d5b8f098ecddd6f00316972ebb064a6610a0ea1443848a4e97f1fc22fd6e0f7d719858a594ec1814ad79df787b01d9de1ea66940b5d13
SSDEEP

24576:eqDEvCTbMWu7rQYlBQcBiT6rprG8a4+K:eTvC/MTQYxsWR7a4

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
3860	taskkill.exe
3324	taskkill.exe
4492	taskkill.exe
4100	taskkill.exe
4396	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133725864892557334"	chrome.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3316	chrome.exe
3316	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3860	taskkill.exe
Token: SeDebugPrivilege	3324	taskkill.exe
Token: SeDebugPrivilege	4492	taskkill.exe
Token: SeDebugPrivilege	4100	taskkill.exe
Token: SeDebugPrivilege	4396	taskkill.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4036 wrote to memory of 3860	4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe	89
PID 4036 wrote to memory of 3860	4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe	89
PID 4036 wrote to memory of 3860	4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe	89
PID 4036 wrote to memory of 3324	4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe	92
PID 4036 wrote to memory of 3324	4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe	92
PID 4036 wrote to memory of 3324	4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe	92
PID 4036 wrote to memory of 4492	4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe	94
PID 4036 wrote to memory of 4492	4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe	94
PID 4036 wrote to memory of 4492	4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe	94
PID 4036 wrote to memory of 4100	4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe	96
PID 4036 wrote to memory of 4100	4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe	96
PID 4036 wrote to memory of 4100	4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe	96
PID 4036 wrote to memory of 4396	4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe	98
PID 4036 wrote to memory of 4396	4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe	98
PID 4036 wrote to memory of 4396	4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe	98
PID 4036 wrote to memory of 3316	4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe	100
PID 4036 wrote to memory of 3316	4036	8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe	100
PID 3316 wrote to memory of 2304	3316	chrome.exe	101
PID 3316 wrote to memory of 2304	3316	chrome.exe	101
PID 3316 wrote to memory of 4716	3316	chrome.exe	102
PID 3316 wrote to memory of 4716	3316	chrome.exe	102
PID 3316 wrote to memory of 4716	3316	chrome.exe	102
PID 3316 wrote to memory of 4716	3316	chrome.exe	102
PID 3316 wrote to memory of 4716	3316	chrome.exe	102
PID 3316 wrote to memory of 4716	3316	chrome.exe	102
PID 3316 wrote to memory of 4716	3316	chrome.exe	102
PID 3316 wrote to memory of 4716	3316	chrome.exe	102
PID 3316 wrote to memory of 4716	3316	chrome.exe	102
PID 3316 wrote to memory of 4716	3316	chrome.exe	102
PID 3316 wrote to memory of 4716	3316	chrome.exe	102
PID 3316 wrote to memory of 4716	3316	chrome.exe	102
PID 3316 wrote to memory of 4716	3316	chrome.exe	102
PID 3316 wrote to memory of 4716	3316	chrome.exe	102
PID 3316 wrote to memory of 4716	3316	chrome.exe	102
PID 3316 wrote to memory of 4716	3316	chrome.exe	102
PID 3316 wrote to memory of 4716	3316	chrome.exe	102
PID 3316 wrote to memory of 4716	3316	chrome.exe	102
PID 3316 wrote to memory of 4716	3316	chrome.exe	102
PID 3316 wrote to memory of 4716	3316	chrome.exe	102
PID 3316 wrote to memory of 4716	3316	chrome.exe	102
PID 3316 wrote to memory of 4716	3316	chrome.exe	102
PID 3316 wrote to memory of 4716	3316	chrome.exe	102
PID 3316 wrote to memory of 4716	3316	chrome.exe	102
PID 3316 wrote to memory of 4716	3316	chrome.exe	102
PID 3316 wrote to memory of 4716	3316	chrome.exe	102
PID 3316 wrote to memory of 4716	3316	chrome.exe	102
PID 3316 wrote to memory of 4716	3316	chrome.exe	102
PID 3316 wrote to memory of 4716	3316	chrome.exe	102
PID 3316 wrote to memory of 4716	3316	chrome.exe	102
PID 3316 wrote to memory of 4368	3316	chrome.exe	103
PID 3316 wrote to memory of 4368	3316	chrome.exe	103
PID 3316 wrote to memory of 3540	3316	chrome.exe	104
PID 3316 wrote to memory of 3540	3316	chrome.exe	104
PID 3316 wrote to memory of 3540	3316	chrome.exe	104
PID 3316 wrote to memory of 3540	3316	chrome.exe	104
PID 3316 wrote to memory of 3540	3316	chrome.exe	104
PID 3316 wrote to memory of 3540	3316	chrome.exe	104
PID 3316 wrote to memory of 3540	3316	chrome.exe	104
PID 3316 wrote to memory of 3540	3316	chrome.exe	104
PID 3316 wrote to memory of 3540	3316	chrome.exe	104
PID 3316 wrote to memory of 3540	3316	chrome.exe	104
PID 3316 wrote to memory of 3540	3316	chrome.exe	104
PID 3316 wrote to memory of 3540	3316	chrome.exe	104
PID 3316 wrote to memory of 3540	3316	chrome.exe	104

C:\Users\Admin\AppData\Local\Temp\8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe
"C:\Users\Admin\AppData\Local\Temp\8088e27a73649bb52548fb79fd02bdceacf92382e4376b085c2f087ff8ee5400.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4036
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3860
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3324
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4492
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4100
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3316
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff95661cc40,0x7ff95661cc4c,0x7ff95661cc58
    3⤵
    PID:2304
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2036,i,9101908474645973828,6682226926072259912,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2040 /prefetch:2
    3⤵
    PID:4716
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1936,i,9101908474645973828,6682226926072259912,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2076 /prefetch:3
    3⤵
    PID:4368
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2300,i,9101908474645973828,6682226926072259912,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2316 /prefetch:8
    3⤵
    PID:3540
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,9101908474645973828,6682226926072259912,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3180 /prefetch:1
    3⤵
    PID:1036
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,9101908474645973828,6682226926072259912,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3208 /prefetch:1
    3⤵
    PID:1472
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4568,i,9101908474645973828,6682226926072259912,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4628 /prefetch:8
    3⤵
    PID:2076
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4824,i,9101908474645973828,6682226926072259912,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4836 /prefetch:8
    3⤵
    PID:3084
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4704,i,9101908474645973828,6682226926072259912,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4784 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3532

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:392

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
01f96b5ab908aac3116767f69425fbb9

SHA1
af37d30dfb655eb02eeab74f737679de32d700a8

SHA256
e22989192b318e5743293338186897f87d1a98eb5c7d254c3e80498d9e52d89f

SHA512
da3cf911cab1067f3f22fdefa3eba427544be7ab1692f33c580654a3ce90d94780a02295fd9ed6c6efbfa4af0fee070d1f28d7b9099ee9cdc43f5e5f06c53fea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
f9ea89a14ba17336dbc4dd5995131f9a

SHA1
ce4410e6105c46e3f7dcb5748a68ce633422f4b4

SHA256
69026d7562ef91df15374da0a4b507422bbbd3da94357838dbaae9be47205622

SHA512
b54be8e135415465de56b361bf848df0d8c2060dda3c8c75f3711364d4927b39c36fa771e147891b2ceaa2247c2339e0abf2193cd8aa20b6892d116fa7dbee55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
f0ceaf9db3b4cf1da5b8e70a7fab2559

SHA1
bcd8025c066b4851555943b88b759ed0dcbb16c4

SHA256
2f3dff3ae3691bcbce555e827a255b64f8d4eff17766e5367605e95810b05a45

SHA512
0554b80f835013fc31bc76f24b9ef17fed0568ba787d78d0677a4f2bd4af843a33cef2c014434717146e18545f8946f8f49c7fc34c88831d95a466f948f161d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
012e93b1540c336227a9855f104bd7dc

SHA1
e337c897c5fa2dd70c62088dca271ae6e127e4fb

SHA256
5029e8873c2e2a41e49146692f15c18dffad3b11bf8a84aacd7249c504d8106d

SHA512
b2d9ee82fe6e264328347f843cf58959630937b00ee8da3581a7c4010327e6a9c11cccfa7e1c30bfbbc2ce8427313300c09315dbdd2c06560cf0bb323a7b2ab5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
5eb80ef71c1c6938044b545cdc588252

SHA1
9f0cbd004348379577c5703cb9db031aa29fac73

SHA256
9dc17643831a0616d2653ef64d98d7e64aefb2cb12c7ce2c5e2f375d7eecf507

SHA512
c97341d3a0ba421e1c4254de54bc9e0ca5b8dec251cc4d60a5588716bcbd738a5c91ea1e566a6ad39ecaf63d7589ae22241629b1d26bb6f7bbb3f671ce3fd172

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ff1f964897b0146653cc105f25ba0efd

SHA1
d369be7366ccddb59ab3a565969efcdee623680a

SHA256
3914912b84ce73229bfb1214e9dfc3bc750f2a116f74f5852ed5a34dddf1bf95

SHA512
a3d3669282649251a262333d813a9832e647f6fdb9a3d81dedcf0a9711fac0d5a415a1db2b11d19ccedd2f889418c4761c5251b287e3e9ef44128fccea258c97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b314cad051d0f52eeeb04fd0370d8c98

SHA1
bf550d387700afa25501200cf75bce80900a93a6

SHA256
05bd1e3b6bae9e336218287c453b9ad620095bf01ba67b28bfa1bee6a5f362a1

SHA512
392ea4acbff36f4fdd46fb97f05d8558ef389c25086a19c2c7fdb54578b901671261e44d252ce9f0dd9aef4bc4db5dfef3874554fcd70a625fa0794a1ca9bcfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4e6ad9aa0887258be46c97ac55e978ba

SHA1
5ab73060d5926700cea65e5014422eb21443db07

SHA256
2037ee032eeb592efe0f2e8c618ee66baf936663985c069bacca52c76749d4d6

SHA512
1d225c48a6e303e68d3166546df83ac2ed97a1c58b37d424f727063bdb2cb35b28bc2e43703d1e258fdb8ae2939c89ad3919c58b7dbfa01cb1629dbc886ced56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
51b28f506fa191a141ea003ea23f4b69

SHA1
4afbb19cb7e7a79f1c4bea0ab3337fa1e92b3d18

SHA256
833b2e00100176a9a15e80bb08ec350560f960eb061a9be861d84abd620f62b1

SHA512
6ecf0b46255fbab65bebb8079f476309b85470d5d2eb44671a8b10a769fb911c8fb74c2315f6a94b72693df720063c515675451a9ca97318d31d0f5ac0853466

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ddf5baa185a51671fd9abfeee6c63383

SHA1
2118e12a630a46662f06f2e0a270c3e688ebbea1

SHA256
17dbb25a723471df21d765393288c31b045b86fd688590eaeaf60fa6ba454c40

SHA512
4d2c6f38f112e3ec6030104f115f100a7a84b440fea3d14fde7a0206524ea6a28744aa241d938d0e452db5917f0358177ed15c927dbad7e803f3212b0e444b29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
29312f9a67e4c5a634fe0204594e81ee

SHA1
f4dcb4b64afcb45a69ed9260f964484d24662078

SHA256
53df34dc996722eea1fd9240dfbeed8eb97c96530efd51e7111dec78d4e5d427

SHA512
1e9ab68b0c5521cfd34ffab913e2cecef302bb08b9da8d3296b00d0e5df0574533a10fc883137b7e02d1e925e8a73d27353064f388eb6ef61c24a456c79020bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a841032b38e5e38150c0ed1333639907

SHA1
4400b8b23d6cd091be18c3f6ffba07b9c5e86fca

SHA256
f27a56d3b657d107ddfd79f2c99f615b128197ef6f98df980e02453c157da75b

SHA512
ad82bc98277c0297aa2545dc4a4bb9c8192bbc90784dfb0738b543ef0b63fecf8cefa25d14582ec74a9d71765fa8bf781fbfeebfb10c53faddcf0f3d5c4021d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
52a80a06e788679ac22d5f44d20504b8

SHA1
9c997c92a66c4e9da5ffa09a16708d82257943bd

SHA256
4f1c7860e302a1b3c4ba80470747d149dba2dd3e94bf39170c22c223eb3a4c89

SHA512
60c0c21a5af0d5988ea4c395b8cf24bbd4ddf7a86a30c6271a0c49938bf5c55bdb869861e0248a94d3593279bec0d89cc93bd28bd82f1085fca154891ec641a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
568dd98e6b78329700eaef65f0ec04f2

SHA1
8364e389bc18608a2e70e9121fe1041f4077ea14

SHA256
71a1b50271038e62bb635a96e134a93094aea44494ec5421265f31ca2a6a72c4

SHA512
58b912340532813c47e38302712674efd07ed1ac3fb0d007705e47d3b422aa7be130be0d5286b0137ceedc7f91f0c573b7720a90762345448f7f20513d2cc703

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
b5bd028d38a5c0872da33a01c92fd6b7

SHA1
b4609895f09d793fceeff3ab21d63d4293366e53

SHA256
a5155892400aeaaf10448905f474df178d610574cd249111b504d45bd213235f

SHA512
bf60cda158ed5975a36fb0477e184faac7a8bce13c45bf1b02608e232ca766d8a27cf7ddcb916dffa0faab054811e257246edcbc7f6f8ad82794af8f68585c22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
c113309231ee741037c62b5c5ce1bb2e

SHA1
eed82f7ee7d678cbe27bed1e994a9673f3be95b9

SHA256
f3fe6f5be1157dbc7c4f85d2068387517c36f0506f685198b2dc59c5bba7c258

SHA512
06443b9f7eef55c3346c96604ac755cb87a444fa6c78e9a22bb38401a9e9d6035de314abba16a18d77fb4c52df69abd573655cf65738426c13c076ed50db02bc

Download Submit