hxxps://drive[.]google[.]com/file/d/1xc9QDNOnmElOZBTUP1akh0B23eMl-Zf7/view

Analysis

max time kernel
105s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
30-10-2024 10:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1xc9QDNOnmElOZBTUP1akh0B23eMl-Zf7/view

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
5012	umodel_64.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	drive.google.com
7	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133747582792671636"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2260	chrome.exe
2260	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5012	umodel_64.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe
Token: SeShutdownPrivilege	2260	chrome.exe
Token: SeCreatePagefilePrivilege	2260	chrome.exe

Suspicious use of FindShellTrayWindow 45 IoCs

pid	Process
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
5100	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe
2260	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2260 wrote to memory of 2736	2260	chrome.exe	84
PID 2260 wrote to memory of 2736	2260	chrome.exe	84
PID 2260 wrote to memory of 3616	2260	chrome.exe	85
PID 2260 wrote to memory of 3616	2260	chrome.exe	85
PID 2260 wrote to memory of 3616	2260	chrome.exe	85
PID 2260 wrote to memory of 3616	2260	chrome.exe	85
PID 2260 wrote to memory of 3616	2260	chrome.exe	85
PID 2260 wrote to memory of 3616	2260	chrome.exe	85
PID 2260 wrote to memory of 3616	2260	chrome.exe	85
PID 2260 wrote to memory of 3616	2260	chrome.exe	85
PID 2260 wrote to memory of 3616	2260	chrome.exe	85
PID 2260 wrote to memory of 3616	2260	chrome.exe	85
PID 2260 wrote to memory of 3616	2260	chrome.exe	85
PID 2260 wrote to memory of 3616	2260	chrome.exe	85
PID 2260 wrote to memory of 3616	2260	chrome.exe	85
PID 2260 wrote to memory of 3616	2260	chrome.exe	85
PID 2260 wrote to memory of 3616	2260	chrome.exe	85
PID 2260 wrote to memory of 3616	2260	chrome.exe	85
PID 2260 wrote to memory of 3616	2260	chrome.exe	85
PID 2260 wrote to memory of 3616	2260	chrome.exe	85
PID 2260 wrote to memory of 3616	2260	chrome.exe	85
PID 2260 wrote to memory of 3616	2260	chrome.exe	85
PID 2260 wrote to memory of 3616	2260	chrome.exe	85
PID 2260 wrote to memory of 3616	2260	chrome.exe	85
PID 2260 wrote to memory of 3616	2260	chrome.exe	85
PID 2260 wrote to memory of 3616	2260	chrome.exe	85
PID 2260 wrote to memory of 3616	2260	chrome.exe	85
PID 2260 wrote to memory of 3616	2260	chrome.exe	85
PID 2260 wrote to memory of 3616	2260	chrome.exe	85
PID 2260 wrote to memory of 3616	2260	chrome.exe	85
PID 2260 wrote to memory of 3616	2260	chrome.exe	85
PID 2260 wrote to memory of 3616	2260	chrome.exe	85
PID 2260 wrote to memory of 1012	2260	chrome.exe	86
PID 2260 wrote to memory of 1012	2260	chrome.exe	86
PID 2260 wrote to memory of 4588	2260	chrome.exe	87
PID 2260 wrote to memory of 4588	2260	chrome.exe	87
PID 2260 wrote to memory of 4588	2260	chrome.exe	87
PID 2260 wrote to memory of 4588	2260	chrome.exe	87
PID 2260 wrote to memory of 4588	2260	chrome.exe	87
PID 2260 wrote to memory of 4588	2260	chrome.exe	87
PID 2260 wrote to memory of 4588	2260	chrome.exe	87
PID 2260 wrote to memory of 4588	2260	chrome.exe	87
PID 2260 wrote to memory of 4588	2260	chrome.exe	87
PID 2260 wrote to memory of 4588	2260	chrome.exe	87
PID 2260 wrote to memory of 4588	2260	chrome.exe	87
PID 2260 wrote to memory of 4588	2260	chrome.exe	87
PID 2260 wrote to memory of 4588	2260	chrome.exe	87
PID 2260 wrote to memory of 4588	2260	chrome.exe	87
PID 2260 wrote to memory of 4588	2260	chrome.exe	87
PID 2260 wrote to memory of 4588	2260	chrome.exe	87
PID 2260 wrote to memory of 4588	2260	chrome.exe	87
PID 2260 wrote to memory of 4588	2260	chrome.exe	87
PID 2260 wrote to memory of 4588	2260	chrome.exe	87
PID 2260 wrote to memory of 4588	2260	chrome.exe	87
PID 2260 wrote to memory of 4588	2260	chrome.exe	87
PID 2260 wrote to memory of 4588	2260	chrome.exe	87
PID 2260 wrote to memory of 4588	2260	chrome.exe	87
PID 2260 wrote to memory of 4588	2260	chrome.exe	87
PID 2260 wrote to memory of 4588	2260	chrome.exe	87
PID 2260 wrote to memory of 4588	2260	chrome.exe	87
PID 2260 wrote to memory of 4588	2260	chrome.exe	87
PID 2260 wrote to memory of 4588	2260	chrome.exe	87
PID 2260 wrote to memory of 4588	2260	chrome.exe	87
PID 2260 wrote to memory of 4588	2260	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1xc9QDNOnmElOZBTUP1akh0B23eMl-Zf7/view
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcd55dcc40,0x7ffcd55dcc4c,0x7ffcd55dcc58
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,6080856825214825514,9867180011976223245,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2136,i,6080856825214825514,9867180011976223245,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,6080856825214825514,9867180011976223245,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2392 /prefetch:8
  2⤵
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,6080856825214825514,9867180011976223245,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,6080856825214825514,9867180011976223245,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4560,i,6080856825214825514,9867180011976223245,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4740,i,6080856825214825514,9867180011976223245,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4752 /prefetch:8
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4968,i,6080856825214825514,9867180011976223245,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5088,i,6080856825214825514,9867180011976223245,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5360,i,6080856825214825514,9867180011976223245,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5352,i,6080856825214825514,9867180011976223245,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4756 /prefetch:8
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5348,i,6080856825214825514,9867180011976223245,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4828,i,6080856825214825514,9867180011976223245,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4412,i,6080856825214825514,9867180011976223245,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3400,i,6080856825214825514,9867180011976223245,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5476,i,6080856825214825514,9867180011976223245,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5960,i,6080856825214825514,9867180011976223245,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5916 /prefetch:8
  2⤵
  PID:2684

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3000

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4268

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5012

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\umodel_win32\" -spe -an -ai#7zMap8478:86:7zEvent19703
1⤵
- Suspicious use of FindShellTrayWindow
PID:5100

C:\Users\Admin\Downloads\umodel_win32\umodel_64.exe
"C:\Users\Admin\Downloads\umodel_win32\umodel_64.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
PID:5012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
95055a8b0c55a4d69c1d47145797211f

SHA1
8ac805d060eac6520f182963945831420611a8b5

SHA256
79531abe92a9d433c85da614bb43218ccbcd25364d2e027ba8c5ea343383bd43

SHA512
84c84c85d53aa41f62d8f8bc7101deac074e26df5ef6174f81849e2245f58d1be765ec2aa9585bae1c6f8c0c70ac3fa30ed94d881aad22611706663073071760

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
38KB

MD5
d4586933fabd5754ef925c6e940472f4

SHA1
a77f36a596ef86e1ad10444b2679e1531995b553

SHA256
6e1c3edffec71a01e11e30aa359952213ac2f297c5014f36027f308a18df75d2

SHA512
6ce33a8da7730035fb6b67ed59f32029c3a94b0a5d7dc5aa58c9583820bb01ef59dd55c1c142f392e02da86c8699b2294aff2d7c0e4c3a59fce5f792c749c5ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
f8a0485cc0dd347f805fffb6fa096a05

SHA1
6899a14ad9e04bd4025a6aecd59f5fdfb4b8b928

SHA256
d698caaa38e4491c9f220c80470f41b0e8bde592f3e28d0239db246ad672e50a

SHA512
a9b8e1e63055865d8d20d6ec50c4736d824942df1cc86e166238271d588f26ac2f612906ac57607d58ca79d5bd1ec7187d6deb673677d4278f6e150f4106e425

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
cf8ff5867a03b31fad11c4191cb73ed9

SHA1
64659fb9deebd91e89d0ff2e75c0347d3f947bd9

SHA256
9d2820f5b14f081c8551600b6b30a61e2788d64b4d2ff9c3107f05fc8b9e1aaa

SHA512
52fd31af612a2740d6e907526ced94e6ddd0b6dbdb6d0345fd9d3bf2b2ccb8bf7561cc176dcdf8faf0f28626974f8546475503f2243d6abf9ce42ea452d3e78b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
e488ff527f0abc9aca89231a48627fa3

SHA1
2b2634ccf609c8e08f27db928b1ccf82ccf8e7df

SHA256
59de2e699c61b7454341596bf2563d57422d19a480459c989036e31603c54612

SHA512
5258cf132b19fff3756e7022d505fae51fa1352f01677766bd3998b4632382d40a74132c6a47379a77fa8783035504a2f68ab81d5d1f052a065333dca767f9d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6f1830f2a997cac975514721303aa019

SHA1
c20615d81a16bde34614f893ab41d8ffc8797c6b

SHA256
a0a8f8863b8fa3a2ccddea8f546a2711204fe9a44e476243f7f81871cf7f014c

SHA512
efb148aec42269e737b528d2d18d97c976f0b5d657b242ba68561522cbcc05766fec1e99322eedd6cd22c954d9404eda4167cb604269e0f0bd30eb744e57acc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
cd5bc00438cef0a2616218413116d8b9

SHA1
36e18849b193a88f520abf1fdbbf7e4d5a612b38

SHA256
2b59d40617165e08b7ec44dd3771a6e82417126372c1035609344b41d4666dcc

SHA512
c5ba87cd057a350685e89520e86de9d6a39b173df4f54a12149e25ed3265e9ec02362665279e83d9160a4f56336c2eafb2f6eb87bcd0b4c890769469e5fc7f2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
871d980cb9f567b0d65759422ad7e6ca

SHA1
eedef761a533bdc4ecb6a4ae4c1ec2c34d90026d

SHA256
bb2370d9b4abfd53d0b5aba68829b38fb5e8ee94c137a0fc9bafbfa64e30113e

SHA512
cf3929554f3b39f29a4ac00e94e0e428396cba1b5b5e1966f0a0add0c1679e4c8e3c9d3dce90630d57abbef3c1dc1eb3a4bd0440c2f6c24aa4e0627148e09b27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2f343b78f6801d9fabe3374a0e8aa36d

SHA1
adb8ab71b5198344681aa024f24693f08bd7838e

SHA256
087afc0aad60791f4ecb0216b8e5ec0d8811b597e85ab218bc65461e2897c4f1

SHA512
383b32d8db14e087650effba3f06fcbe137cc2bbefb037eed2d285e9f411bfa04711608b126e9fdf474ab854d1bef1136f1786a9c1efa9af37dbfefc03777796

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
13722272435bf7df0d4f8a43d6aea02d

SHA1
667cc3a20efd26688d1c5265e657bd32ab40073d

SHA256
09d92054782c4ca29af72e9c345a8110100377d3afa8af0fe313d67cb21250cc

SHA512
185a32615a6b4931642b8246213659bef972f9382920fdcda135fecb2d7b72d6f35315a7ee2a7a7209cb868bb987909c44d326a82fb1455ed45e2baee4c628a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
569c5c18d588312c28c475157fa1d3bc

SHA1
5823a365bb31654a2b09ea70017f598c50780261

SHA256
c9cb8e134da1269692903d7218facb0e54603c06c02aebb2453f9825cdc7ff53

SHA512
465dc0e45a81c3b9486e438d896557371a474c2104ee03bc31cca5a59582593ed599606c8617a33123e3e382d1f9299c87076ba613094b9a8b1b7e49170a257b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6ef6c4a324825fe60bb823f8b09e5dd9

SHA1
747907b9562384093cf6a4d3955423d5faf07bf5

SHA256
bdf0e5aec3420cfcbe1d6b4962657510fe54c44c6e10ba23a30281c0b2079444

SHA512
f011952ec9aae885963c258d39b9d6a33f50c53a97e39d97a84376e5ae136aa11de4047607c959ba2c2f12737ecfdef456cf8fbfb552d2a321cd40653af1f2be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9aaf859fdde037fa1162b4aca0de7079

SHA1
a00782f084013aba3b386ff2178e65c1beef35e7

SHA256
0657f270393a139851091c66386ba4b9d093b1eb41926fc1aa8014a8f8049fa7

SHA512
bf665a9bf02d56c494cec3975bdf4020ae5955cb6a315f4ae113ef06568ada48f37eb0ddf828bc6b52f6a32c996ec4205fb0e3f77ac287d2cf91e8aa8653c6b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
65d502777cf806264cd49259514a24dd

SHA1
d4072e8c0dc18846c082927fd8ac50359235b385

SHA256
8eaceef9752f072235cc71cdc2dd63caeba2b871cc30e0584a83b7a7681a8f0b

SHA512
87034491428ecd0bb6f73f7b5da07021cee2b8e1aabca3764867615f3a8252362975132ea4f5bd9aa692ee40aa6ce9aedd186cfa9f9330add7fdc7267ef54635

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ddb5fde7f35ad85874ccaf5f5b025963

SHA1
d29b4bc8a75d00304cb42b5f9b0c4ae06417ed05

SHA256
162f619d12f731da5e706ee41b9af33070354bb5fd817dfcb818e7b20ad25928

SHA512
6108fca52587cff9cfbd311520884e6bd11bb26ba08a3e9a8f1fa0f2cc90a4d339e3f6d67f1c1fbc8a6c65100a62f5335b79263f20917b773e6859588cb06314

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
90e12d3a17f669cc322ade8a7c327ec8

SHA1
9383f52dd1c7e1da90890160779660087f63228b

SHA256
6a3a4bbf706fae7409d05ad15412da7a991fc0781458b31df1fe37e446874add

SHA512
032f92c34e58cdc5a8a1b8046c3fd3276cc03adcaa6898644f940295da6c92eb5f7403fe7961ac56bb98ec4ab557703d2b9275dfe39446e66b604c50f84cf269

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
0f6ac543e013e979ebc6a386f21b410b

SHA1
1dc4270770e6806f8b6bdf3258cf635df89ccbb2

SHA256
f68e28ac27b7dfd5843676fd00a7a71f7f6b6bdb4be0762c6df15dd7f5ce5305

SHA512
a5e9bcb3b98008a4f7a02f0527db11f56efdb147133770c73178ee788ac91570630ab6719a43462f66db87b387925a61fb17cc487c03aff897f39416dd57f8d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
f7da71c4dfd7cac15f254adb12cd4975

SHA1
ed417be94de3b5fe77812be2fba2943d459ba9ba

SHA256
16026354ce65ba6d024f927095b7a2ec25ffc65a16b15fed99d0259906dcad18

SHA512
576d8d1808b19e3339f0b0a9fc3ccbe5bd2b565efe9f1de4859cb9d95c3645f405c43ae462cdcad87a4437eb5ab78e5ac8774f6d9d63bd3d03380cfc93c34e55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
293bd3526a2b751e3b3b7929c144907f

SHA1
f231cc519bfa78c5a0620c4ab07116a5f59272df

SHA256
3cf00d61f5ed96e328c91246a364ea8f5dd492f7afd04a50ee6ae28614e93344

SHA512
5e0933a5cb104d093b5af7967160abecffc431b8151fa0ae37850e4e5935a79eee4f5da3fcce618ae7064a8d79a3f6a8c0329d0b9c980e5164d3f2cc7cf056fb

Download Submit
C:\Users\Admin\Downloads\umodel_win32.zip.crdownload

Filesize
2.4MB

MD5
7f6866906f577bf142d8fcc3dccf25c0

SHA1
45afcb035ae94d4cfa220e72f80fc04f9a6cc06f

SHA256
2cead261b360dbcc3e703f091837b415f868250dd6a73a154f4232d09e226ef8

SHA512
a96b9cfcb814ae8cb9de646e1690ff01842b6537a129e0f2bab191916e88a351111115f003b1706374e16b975d735481e6113b70a91479dc24cfcd2d3688900c

Download Submit
C:\Users\Admin\Downloads\umodel_win32\umodel_64.exe

Filesize
1.6MB

MD5
fcc79db4bea2936bdbda674d8566720f

SHA1
79ce2959259ef67cbb398cfa79d431ed4745be5f

SHA256
eb6cd8263f9a34af4a322b3cbd314c05b842ef9896ffb70911176dd22e8ef503

SHA512
e450591ada24ac2a755ddcc52ba821cdd3f1c7d6ea4600522c9cdce1f5cd9d3f8f744188b196102fe14c43cf4d7055eba36ed39487bcbd5441ac5b4b2359a514

Download Submit