5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2024, 13:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
Size

897KB
MD5

c62c4a9b15eea7e867e3871152da1799
SHA1

d943d1c3f862511b7be5cb7f2b3e861b753c8a85
SHA256

5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b
SHA512

516f3c6fb561c874c2881ff4f40b5152671bf0c0be5dd8a8bb6f0d10181a5baccfa07804c56cc2e31ae1f72809316a58e95d18241d694867beff6a3d8acf8a43
SSDEEP

24576:RqDEvCTbMWu7rQYlBQcBiT6rprG8a4UK:RTvC/MTQYxsWR7a4

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
3116	taskkill.exe
1448	taskkill.exe
3836	taskkill.exe
2960	taskkill.exe
212	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133729542600527286"	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1540	chrome.exe
1540	chrome.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1540	chrome.exe
1540	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2960	taskkill.exe
Token: SeDebugPrivilege	212	taskkill.exe
Token: SeDebugPrivilege	3116	taskkill.exe
Token: SeDebugPrivilege	1448	taskkill.exe
Token: SeDebugPrivilege	3836	taskkill.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1868 wrote to memory of 2960	1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe	84
PID 1868 wrote to memory of 2960	1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe	84
PID 1868 wrote to memory of 2960	1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe	84
PID 1868 wrote to memory of 212	1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe	88
PID 1868 wrote to memory of 212	1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe	88
PID 1868 wrote to memory of 212	1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe	88
PID 1868 wrote to memory of 3116	1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe	90
PID 1868 wrote to memory of 3116	1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe	90
PID 1868 wrote to memory of 3116	1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe	90
PID 1868 wrote to memory of 1448	1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe	93
PID 1868 wrote to memory of 1448	1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe	93
PID 1868 wrote to memory of 1448	1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe	93
PID 1868 wrote to memory of 3836	1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe	95
PID 1868 wrote to memory of 3836	1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe	95
PID 1868 wrote to memory of 3836	1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe	95
PID 1868 wrote to memory of 1540	1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe	97
PID 1868 wrote to memory of 1540	1868	5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe	97
PID 1540 wrote to memory of 4796	1540	chrome.exe	98
PID 1540 wrote to memory of 4796	1540	chrome.exe	98
PID 1540 wrote to memory of 2132	1540	chrome.exe	99
PID 1540 wrote to memory of 2132	1540	chrome.exe	99
PID 1540 wrote to memory of 2132	1540	chrome.exe	99
PID 1540 wrote to memory of 2132	1540	chrome.exe	99
PID 1540 wrote to memory of 2132	1540	chrome.exe	99
PID 1540 wrote to memory of 2132	1540	chrome.exe	99
PID 1540 wrote to memory of 2132	1540	chrome.exe	99
PID 1540 wrote to memory of 2132	1540	chrome.exe	99
PID 1540 wrote to memory of 2132	1540	chrome.exe	99
PID 1540 wrote to memory of 2132	1540	chrome.exe	99
PID 1540 wrote to memory of 2132	1540	chrome.exe	99
PID 1540 wrote to memory of 2132	1540	chrome.exe	99
PID 1540 wrote to memory of 2132	1540	chrome.exe	99
PID 1540 wrote to memory of 2132	1540	chrome.exe	99
PID 1540 wrote to memory of 2132	1540	chrome.exe	99
PID 1540 wrote to memory of 2132	1540	chrome.exe	99
PID 1540 wrote to memory of 2132	1540	chrome.exe	99
PID 1540 wrote to memory of 2132	1540	chrome.exe	99
PID 1540 wrote to memory of 2132	1540	chrome.exe	99
PID 1540 wrote to memory of 2132	1540	chrome.exe	99
PID 1540 wrote to memory of 2132	1540	chrome.exe	99
PID 1540 wrote to memory of 2132	1540	chrome.exe	99
PID 1540 wrote to memory of 2132	1540	chrome.exe	99
PID 1540 wrote to memory of 2132	1540	chrome.exe	99
PID 1540 wrote to memory of 2132	1540	chrome.exe	99
PID 1540 wrote to memory of 2132	1540	chrome.exe	99
PID 1540 wrote to memory of 2132	1540	chrome.exe	99
PID 1540 wrote to memory of 2132	1540	chrome.exe	99
PID 1540 wrote to memory of 2132	1540	chrome.exe	99
PID 1540 wrote to memory of 2132	1540	chrome.exe	99
PID 1540 wrote to memory of 1308	1540	chrome.exe	100
PID 1540 wrote to memory of 1308	1540	chrome.exe	100
PID 1540 wrote to memory of 5004	1540	chrome.exe	101
PID 1540 wrote to memory of 5004	1540	chrome.exe	101
PID 1540 wrote to memory of 5004	1540	chrome.exe	101
PID 1540 wrote to memory of 5004	1540	chrome.exe	101
PID 1540 wrote to memory of 5004	1540	chrome.exe	101
PID 1540 wrote to memory of 5004	1540	chrome.exe	101
PID 1540 wrote to memory of 5004	1540	chrome.exe	101
PID 1540 wrote to memory of 5004	1540	chrome.exe	101
PID 1540 wrote to memory of 5004	1540	chrome.exe	101
PID 1540 wrote to memory of 5004	1540	chrome.exe	101
PID 1540 wrote to memory of 5004	1540	chrome.exe	101
PID 1540 wrote to memory of 5004	1540	chrome.exe	101
PID 1540 wrote to memory of 5004	1540	chrome.exe	101

C:\Users\Admin\AppData\Local\Temp\5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe
"C:\Users\Admin\AppData\Local\Temp\5c9e7cd66c51088ba962317761eeb6f21cf8d53dd000273436277fff78c7942b.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1868
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2960
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:212
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3116
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1448
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1540
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe4e64cc40,0x7ffe4e64cc4c,0x7ffe4e64cc58
    3⤵
    PID:4796
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,17250296839078356641,16461163171462757669,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1912 /prefetch:2
    3⤵
    PID:2132
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2168,i,17250296839078356641,16461163171462757669,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2180 /prefetch:3
    3⤵
    PID:1308
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,17250296839078356641,16461163171462757669,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2480 /prefetch:8
    3⤵
    PID:5004
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3152,i,17250296839078356641,16461163171462757669,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3180 /prefetch:1
    3⤵
    PID:4228
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3168,i,17250296839078356641,16461163171462757669,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3212 /prefetch:1
    3⤵
    PID:4944
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4600,i,17250296839078356641,16461163171462757669,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4648 /prefetch:8
    3⤵
    PID:3544
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4468,i,17250296839078356641,16461163171462757669,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4700 /prefetch:8
    3⤵
    PID:4984
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4692,i,17250296839078356641,16461163171462757669,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4928 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2876

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:436

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
0a4a803a7cfa92c8336cf6af9b1723e4

SHA1
082fbb48701277130010f47e5ada1fa2bfdeddda

SHA256
6469e9f0295216c7e6d99ebaef1f222f53fca468c29224cdd2dfc4960c89d176

SHA512
e28b616e54d47643093e81b46a523a399f591b90e7e3afc3fdad8ea63a5e3bbd416b674fd4f67578d6eef8b5dfa591d499f1444a6dfc8450846a3824994608d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
e0dc08f61f760b603d15cd30b0c56e98

SHA1
b3ad750c6d865fb9311bf0d03593743e2c1daba7

SHA256
0d57839552cf38d3f58bd6a5ba47046d26458a743f05b41d73a560a89e52bcfd

SHA512
0c83ac603092c73f586d27201f147da03aaeb89f07b9a09cd55f26c9950b7db709692c7bf0562be1e186451d403535a872b872026f808efb80070f83bfb1eab4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
32936b4787ed9299fefe23fa348c3c0b

SHA1
8b1b587abd16bbc6ac04510cbc909fa68496c26e

SHA256
925dc46732048d6a1c6719e865c1d21a91fe7f0967bd0cb53a4a3f49e7c3682d

SHA512
e1171d7b8cf0b8d6c12358bdd5950fa250b2d96bfbecfdeab59d4a84bb4aca4e4d0d780020d76bff514d7f90c2acc4668a5c163d3aa632606c453f8efa09bf2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5dd4c4cafde50896d23bd16bcd776b05

SHA1
07da2069ec4d6db28da347514df5d3919e358add

SHA256
f003edbb089a0c6cb7df909ee98dbe5e3769f076cbf6dfe11d675bce1c32dc5f

SHA512
4ff9ea64909708742bf5137421861d20a7fd07f7d90e0640a17199ddbe9c253ee58ff07dd3af3bb66588ab95a4f339193d0f94dc62f024854dfefb1be39e530b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b1e41edd184a5556d9a44eda8da3f5d1

SHA1
cf19c80def90cd9bfa9af9d29350c9b53dcb9f0d

SHA256
4a3735388c4d50546b7e3ea62cd19a046fb436f6edf11b49fbe1ab9665f49165

SHA512
89b62a79cbdc6531033c833486fe46c5db0f43a944636a6b011bb5108b0bb30e67e5cbedf6128dc05b1bad82125833a09a6f37a98302a3de473b44f5de2ffc55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e946f70567d0226e8baf289ab22f1db3

SHA1
6c20a5384a082a5a1854225d0fd4d10ca68bcbe4

SHA256
7a4ca081be3f5323fae4300debd0753037d05aeecac950ef11871b0800098bf8

SHA512
8124e26c1c5744979b0c8daaed8ab6d8118e5c7bc905689aa38592ac0f8c3e344bb0326bb45549885e566d32629ed324710a8507739fbc0e1d6f0e3249532cca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bb8952d2399db168f0d95b4647518982

SHA1
530f575e37ea49209374bc1909e793172be12807

SHA256
0820c79248286685f5797d51319c63770b1ff657b8c2964aa2f2bfff6e54f959

SHA512
48e04bbe751e9f98cbceb8000ce9dfa60f47168e89d854baadfaf268f951a0440a0238e6d2564615e994ac0b1dde0d48027b6706588b7c313b32755483ed8afb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4b4e50416a2bed8b21035fc7983bdbfc

SHA1
29d53ec7d71d72ac35e188faa116a2273a5648df

SHA256
1db4751386b1516865ffb2ee03cc3b9ee2478f6730b5df8a16998f1919cb9d96

SHA512
f42f4c1e8998141fb4289e75e70dc8bc08bf28f8abfb874a49199ff826b6d08a49d6094a0c53fdba4a72b89c9d58891cf1d873a4960c829fa82762e4344b1162

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f9d86bb882ad70fe1d63bf43a53234b6

SHA1
47ae7ef986c1e34fe6c6c3ee1d371a9fb83b405b

SHA256
4a10b1ea8a96799517b47c431776f82c664f9b90e35ea51e3352936e17cc4fe6

SHA512
a990734b5c65e47cd2e88905167ceb8177ef8c55d6fb4a71cce8cfc77376ef99037a31fc6240ff955f3d418e42704c330bbcf46f74bbd17dfde22595f931cfbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
227KB

MD5
83841b3471e73739c08dbec81889da79

SHA1
e20585c6a24d6817316709496234757af1cb94a8

SHA256
255b4ff1ae0ad04aea0b58b0d48c00993814233fee4d1590a3c0dab63aeb464d

SHA512
e2f079e4aa57f7677c02b948f1f3e7750e7aaf4b5e9adfc05b3a70e7f02f178141b1389b5522c119f0d6a11ce41a589c81178a671dad10b9e154ad1d30d825fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
227KB

MD5
af257dd31efea0fb880b9b1527994190

SHA1
d1a540c1d51e335ba2accd2aa6aecbedbcf35d01

SHA256
c5beecbed8c467ab765c415faab1be57c2e8ae98f59b5b5b7374bf541081cd9a

SHA512
27a340bcbb8f318976415416c6f8529ad78d695897c1558eb16e756a05d3c1195d79945b50e5feed2b82edc17639ee65b4c5d7a2e9d2d597dd48b478e61680e8

Download Submit