903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/10/2024, 01:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
Size

897KB
MD5

81f614c7baa01297834719549c69e1c8
SHA1

ccfb8bace40939c79bf7c947920e26d2f496303e
SHA256

903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02
SHA512

a9b111d0e4cbc0738f4e9213ee18a851c3f541b757cd1a14aafc63e0a915ff5f81d7534f4c13d04b0a3eee8bb643b0c98cd89c8d4f07a7f0b85f9f749d494550
SSDEEP

24576:ZqDEvCTbMWu7rQYlBQcBiT6rprG8a4eK:ZTvC/MTQYxsWR7a4

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
3516	taskkill.exe
1856	taskkill.exe
4680	taskkill.exe
4260	taskkill.exe
4452	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133726511750687759"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
2456	chrome.exe
2456	chrome.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2456	chrome.exe
2456	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3516	taskkill.exe
Token: SeDebugPrivilege	1856	taskkill.exe
Token: SeDebugPrivilege	4680	taskkill.exe
Token: SeDebugPrivilege	4260	taskkill.exe
Token: SeDebugPrivilege	4452	taskkill.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3880 wrote to memory of 3516	3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe	82
PID 3880 wrote to memory of 3516	3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe	82
PID 3880 wrote to memory of 3516	3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe	82
PID 3880 wrote to memory of 1856	3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe	85
PID 3880 wrote to memory of 1856	3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe	85
PID 3880 wrote to memory of 1856	3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe	85
PID 3880 wrote to memory of 4680	3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe	87
PID 3880 wrote to memory of 4680	3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe	87
PID 3880 wrote to memory of 4680	3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe	87
PID 3880 wrote to memory of 4260	3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe	89
PID 3880 wrote to memory of 4260	3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe	89
PID 3880 wrote to memory of 4260	3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe	89
PID 3880 wrote to memory of 4452	3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe	91
PID 3880 wrote to memory of 4452	3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe	91
PID 3880 wrote to memory of 4452	3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe	91
PID 3880 wrote to memory of 2456	3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe	93
PID 3880 wrote to memory of 2456	3880	903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe	93
PID 2456 wrote to memory of 2412	2456	chrome.exe	94
PID 2456 wrote to memory of 2412	2456	chrome.exe	94
PID 2456 wrote to memory of 2300	2456	chrome.exe	95
PID 2456 wrote to memory of 2300	2456	chrome.exe	95
PID 2456 wrote to memory of 2300	2456	chrome.exe	95
PID 2456 wrote to memory of 2300	2456	chrome.exe	95
PID 2456 wrote to memory of 2300	2456	chrome.exe	95
PID 2456 wrote to memory of 2300	2456	chrome.exe	95
PID 2456 wrote to memory of 2300	2456	chrome.exe	95
PID 2456 wrote to memory of 2300	2456	chrome.exe	95
PID 2456 wrote to memory of 2300	2456	chrome.exe	95
PID 2456 wrote to memory of 2300	2456	chrome.exe	95
PID 2456 wrote to memory of 2300	2456	chrome.exe	95
PID 2456 wrote to memory of 2300	2456	chrome.exe	95
PID 2456 wrote to memory of 2300	2456	chrome.exe	95
PID 2456 wrote to memory of 2300	2456	chrome.exe	95
PID 2456 wrote to memory of 2300	2456	chrome.exe	95
PID 2456 wrote to memory of 2300	2456	chrome.exe	95
PID 2456 wrote to memory of 2300	2456	chrome.exe	95
PID 2456 wrote to memory of 2300	2456	chrome.exe	95
PID 2456 wrote to memory of 2300	2456	chrome.exe	95
PID 2456 wrote to memory of 2300	2456	chrome.exe	95
PID 2456 wrote to memory of 2300	2456	chrome.exe	95
PID 2456 wrote to memory of 2300	2456	chrome.exe	95
PID 2456 wrote to memory of 2300	2456	chrome.exe	95
PID 2456 wrote to memory of 2300	2456	chrome.exe	95
PID 2456 wrote to memory of 2300	2456	chrome.exe	95
PID 2456 wrote to memory of 2300	2456	chrome.exe	95
PID 2456 wrote to memory of 2300	2456	chrome.exe	95
PID 2456 wrote to memory of 2300	2456	chrome.exe	95
PID 2456 wrote to memory of 2300	2456	chrome.exe	95
PID 2456 wrote to memory of 2300	2456	chrome.exe	95
PID 2456 wrote to memory of 4652	2456	chrome.exe	96
PID 2456 wrote to memory of 4652	2456	chrome.exe	96
PID 2456 wrote to memory of 676	2456	chrome.exe	97
PID 2456 wrote to memory of 676	2456	chrome.exe	97
PID 2456 wrote to memory of 676	2456	chrome.exe	97
PID 2456 wrote to memory of 676	2456	chrome.exe	97
PID 2456 wrote to memory of 676	2456	chrome.exe	97
PID 2456 wrote to memory of 676	2456	chrome.exe	97
PID 2456 wrote to memory of 676	2456	chrome.exe	97
PID 2456 wrote to memory of 676	2456	chrome.exe	97
PID 2456 wrote to memory of 676	2456	chrome.exe	97
PID 2456 wrote to memory of 676	2456	chrome.exe	97
PID 2456 wrote to memory of 676	2456	chrome.exe	97
PID 2456 wrote to memory of 676	2456	chrome.exe	97
PID 2456 wrote to memory of 676	2456	chrome.exe	97

C:\Users\Admin\AppData\Local\Temp\903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe
"C:\Users\Admin\AppData\Local\Temp\903d876f17571d2cd2b876d08243beebb5feaacf50fbc939d2cced03080d6d02.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3880
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3516
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1856
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4680
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4260
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2456
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa9b5acc40,0x7ffa9b5acc4c,0x7ffa9b5acc58
    3⤵
    PID:2412
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2032,i,7534572305309437518,6104887139092317790,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2020 /prefetch:2
    3⤵
    PID:2300
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1924,i,7534572305309437518,6104887139092317790,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2160 /prefetch:3
    3⤵
    PID:4652
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2288,i,7534572305309437518,6104887139092317790,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2500 /prefetch:8
    3⤵
    PID:676
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,7534572305309437518,6104887139092317790,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
    3⤵
    PID:2788
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,7534572305309437518,6104887139092317790,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3204 /prefetch:1
    3⤵
    PID:4608
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4624,i,7534572305309437518,6104887139092317790,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4736 /prefetch:8
    3⤵
    PID:3188
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4540,i,7534572305309437518,6104887139092317790,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4712 /prefetch:8
    3⤵
    PID:2816
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5028,i,7534572305309437518,6104887139092317790,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4852 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3328

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3052

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
0ff0aa1365ca4a74553fd33d659e7239

SHA1
4723e0c7e11649b1e82960d06322894a26abe9fe

SHA256
a818f22ec89e0a1b5350172540abb8319dabf725e03b5ff331edd27685367559

SHA512
5ef4c0df97b36e545dd5f25e027ad6d368d9b5e015f77a3b980a5a09196bb6acde26771c754c4580f8200ba8883696cf2580991e7435c181f77e8f733b4f34d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
4122a8426ec7ce53d9f2f2b71d3a8a25

SHA1
1593f0ccde9bc47d0da7050921ea084c268e7e1a

SHA256
3d51d5a51619abf427be83d5de9e1804cd61df0b07f3669551d6585604f86932

SHA512
52bf3115f7294bdc2908df6a8ba733c0c1e241cf8659622780b2c9c92d8c734b3530f56bf9b211339070d6f80e3b4a1806007bcfa2459b368557d0d6f457fc6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
d4d70730b79d6d0537194119d7b1cc16

SHA1
39e7c2fd49ac5766847a86f3c93f95c47264195f

SHA256
0253453b24aae982bae8e566baa0cb74300b223e5b7af993c89fd92ad8e1931a

SHA512
3f154c987a7c929d5cb0acb8727c7d26ad310a92b3d4f42673aafdc6acd632bd22cbd9990ca02685717b3452fe01f420caf9e3097a3845e9662d1f87c1372da2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
cc11e2c7b37dd172281f643d8b3ce066

SHA1
e720559afc266ab07fd2d792da338bcb3f1e9786

SHA256
0dd9edd555a8054a4cf32da349cc4b439d39dd325f833c526da145be6aa3f495

SHA512
9aea9adb7c47cab6b7bd27e501c953cc82e2aa8fede39ef65be84a610ae6b351ae5cdf60fd2c4b433e278533303b9f334ef2c061ba785ebfd32e0d2f3b4c423f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
77e657f101856da79ebb28f142c29eef

SHA1
56f2ed2dfb985c5dfd6740cd2058543c751adc86

SHA256
0afbbe157576d9b096c41410a0734a5f2cdc252536ab11197e130605716d87a4

SHA512
c60c9cc2d2790b41b3b1654a48c89060e3fa5cf0611505958fdaad2ea87d708507852039bcdd4b906ee162dbbcfc7963ab8635ea754cbc7a9842c9f51616e567

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ee94b8cbad533eaf01db8c845d543521

SHA1
64481f46d6c078039e0a15394ea2e77ee2704a6d

SHA256
855a3caea87d2724fcd7628473a628e75033a3c0041a6861e296f4d681d2e7a9

SHA512
0ee7e47de5daa128d3692e00a31c938dac22d4edb2a9f171991f3d26e8007ec5f392c178a4fb71f040cc223f94ccaef88fb2dd3fa4aaac6abaec72c0f4863518

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e20f19224e4d28482cb61aec928cf555

SHA1
f4e9fb0c418edfce4d9fb191c2cef5668ccbc9b0

SHA256
9ab142b30af9b0036e25e4a0c887c281d9e058292bc05be1e7946ae3e1f8d72b

SHA512
5b33f7504e0620d4c01ba32a6d80d750b6a1180ddf801f9adb8627389a550bbb736ac7b57d7adaebc1ce1f57a505fb441474405ef5d3ffd8099cee4dbaa99d43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d811e3298e355814114d9a9febac1e78

SHA1
c39b1e2e7224850a99dd5281b863ccfa6150a92d

SHA256
2331d843a66fc1f8c901212151b494257ca5d43f9bc5c94af657e84a6020f904

SHA512
04b33cc6752584e680823799f77cd7773dc8017be89906339266ac3b75942cb42e168c5ae21f9d87cb7012166e87b0e30375f18151bd73b3b1955e283a5324d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
715b8502c24cef6eb90866cc598bf0e3

SHA1
f30d36b70e83d1aacff9831a031a9873657f9293

SHA256
2e38551a4261cdcbb0e20494baab245423b1ac99ba59ed7c813efdc6d14fb286

SHA512
168d05ac907c07241b289d981dcb4e9683a82fa56d8d0a4984995e62dad4b9a3a0e73d47c872334b9f86e69b4c2683b828c8324c63c2addb386f844bc1cd9041

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
170f9b7ccd79c73e659c14366bb147cb

SHA1
96720e59c9081d557b691077601ad20f40c058bb

SHA256
1bd1e40af1d8879eb1932e1276e598c19b296bc2a90490c654ac49cb5caedf71

SHA512
629f2c97875999f489d8870d79be2aa5ef4acf7815aa6fff2c6b45c43346c3fe1cb00bd6092da12b71cdeb47ed871bdcff391a5c5f1830e834bfbf89db0bb62f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8f522d712e1c67920bcd6bad43b0e044

SHA1
beb6038fa43240325cd9cc8334e9767fe89bd2eb

SHA256
6e27421933024d9c481f375972c8cdeed72f09e4afbdeb5d54e3d4c5935ce7aa

SHA512
049ba2c66ab057e873e56800c6366246085e5a2ebb091f33435a39b1165e18a8d6172a36f57989a1fe74df4b8e86ec6ea6aa155bd0834b88b12f52e3b5724f83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
718bd046d90f1fbd3c5c55fe139c04a5

SHA1
24ed3cb30acc0fe409dd000470ba483ac2825f1b

SHA256
8267099d0843a8f66de66ec9df6348d84f6a157f14224df174d7d0631bdbb67a

SHA512
10ef3979e3a1c483b70194e48af197a56d8c9aa04b84af87647b12acc9697b5c54ea4519d72ef5c55e0748720c4e3de2a7eff79bb77a67e91a9c0520b558c816

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
a238ad163e89cecd717d1a45d5024286

SHA1
225928bffc9cdd19302ba2b0035b9aed4d02eb40

SHA256
e062f4a746465db5370380c39cf2356b3e920cfe1639f0dc0eeb56ecd83ad563

SHA512
ee23a7032d1167cba0610d56feddf493b1db119078dcc2b0eb47981dc18832c90ce8cc582d0100268e5a029c869936f5a293e4108564d04487c572a4c62bac8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
a3b21a50e49d936440588b40acbfc003

SHA1
22ab5f2898c3f014f55d50428190a10127f9b984

SHA256
618fd8157ce18350dd68847ed3108164194410d0409a43e5f5ca9726c9573b5d

SHA512
041b5042b57a28578bd325de0edf46b67616d7a5fc77073f6f8a9c320c57d1b3496729016c5d08cc49f7fa4af96cb426144f24bd1076dd189d0b2353b59d7926

Download Submit