Analysis
max time kernel
1062s
max time network
1688s
platform
windows7_x64
resource
win7-20240903-en
resource tags
arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted
09/11/2024, 19:17
Static task
static1
Behavioral task
behavioral1
Sample
sample.html
Resource
win7-20240903-en
General
Target
sample.html
Size
19KB
MD5
a0d960e790eb958c0268e49cbe02c11a
SHA1
31f89a03a9ed52aa563cef777ceb1c28d1389448
SHA256
9a19ccd8eed0a74fc973cae1023cf0436813f9aa16279761a03c0ad5415c1f85
SHA512
e832bf8e4e6462e83d4dd3ead227d55f05aa820eeeb24a5156f43948cab8e4ecf3677f14e3dd27993a79f655b00a091b9374536b30dd711f217d9d0cd2781ec1
SSDEEP
384:M3My6Wspa1ocy4p4lbGa2MvhpNKZQif2b7nBY0CO/+fN1xCejiw:8tF1ocy4iEapJpN6QlnBY0CO/8LxPiw
Malware Config
Signatures
Downloads MZ/PE file

Executes dropped EXE (2 IoCs)
pid   Process
2564  python-3.13.0-amd64.exe
596   python-3.13.0-amd64.exe

Loads dropped DLL (2 IoCs)
pid   Process
2564  python-3.13.0-amd64.exe
596   python-3.13.0-amd64.exe

Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 6 IoCs)
flow  ioc
55    camo.githubusercontent.com
58    camo.githubusercontent.com
69    camo.githubusercontent.com
74    camo.githubusercontent.com
77    camo.githubusercontent.com
86    camo.githubusercontent.com
System Location Discovery: System Language Discovery (1 TTPs, 2 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description  ioc                                                          Process
Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  python-3.13.0-amd64.exe
Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  python-3.13.0-amd64.exe
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                   Process
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid  Process
576  chrome.exe
576  chrome.exe
576  chrome.exe
576  chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description pid Process Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe 
Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe Token: SeShutdownPrivilege 576 chrome.exe -
Suspicious use of FindShellTrayWindow (53 IoCs)
pid Process 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe -
Suspicious use of SendNotifyMessage (32 IoCs)
pid Process 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe -
Suspicious use of WriteProcessMemory (64 IoCs)
description pid Process procid_target PID 576 wrote to memory of 2472 576 chrome.exe 31 PID 576 wrote to memory of 2472 576 chrome.exe 31 PID 576 wrote to memory of 2472 576 chrome.exe 31 PID 576 wrote to memory of 2804 576 chrome.exe 33 PID 576 wrote to memory of 2804 576 chrome.exe 33 PID 576 wrote to memory of 2804 576 chrome.exe 33 PID 576 wrote to memory of 2804 576 chrome.exe 33 PID 576 wrote to memory of 2804 576 chrome.exe 33 PID 576 wrote to memory of 2804 576 chrome.exe 33 PID 576 wrote to memory of 2804 576 chrome.exe 33 PID 576 wrote to memory of 2804 576 chrome.exe 33 PID 576 wrote to memory of 2804 576 chrome.exe 33 PID 576 wrote to memory of 2804 576 chrome.exe 33 PID 576 wrote to memory of 2804 576 chrome.exe 33 PID 576 wrote to memory of 2804 576 chrome.exe 33 PID 576 wrote to memory of 2804 576 chrome.exe 33 PID 576 wrote to memory of 2804 576 chrome.exe 33 PID 576 wrote to memory of 2804 576 chrome.exe 33 PID 576 wrote to memory of 2804 576 chrome.exe 33 PID 576 wrote to memory of 2804 576 chrome.exe 33 PID 576 wrote to memory of 2804 576 chrome.exe 33 PID 576 wrote to memory of 2804 576 chrome.exe 33 PID 576 wrote to memory of 2804 576 chrome.exe 33 PID 576 wrote to memory of 2804 576 chrome.exe 33 PID 576 wrote to memory of 2804 576 chrome.exe 33 PID 576 wrote to memory of 2804 576 chrome.exe 33 PID 576 wrote to memory of 2804 576 chrome.exe 33 PID 576 wrote to memory of 2804 576 chrome.exe 33 PID 576 wrote to memory of 2804 576 chrome.exe 33 PID 576 wrote to memory of 2804 576 chrome.exe 33 PID 576 wrote to memory of 2804 576 chrome.exe 33 PID 576 wrote to memory of 2804 576 chrome.exe 33 PID 576 wrote to memory of 2804 576 chrome.exe 33 PID 576 wrote to memory of 2804 576 chrome.exe 33 PID 576 wrote to memory of 2804 576 chrome.exe 33 PID 576 wrote to memory of 2804 576 chrome.exe 33 PID 576 wrote to memory of 2804 576 chrome.exe 33 PID 576 wrote to memory of 2804 576 chrome.exe 33 PID 576 wrote to memory of 2804 576 chrome.exe 33 PID 576 
wrote to memory of 2804 576 chrome.exe 33 PID 576 wrote to memory of 2804 576 chrome.exe 33 PID 576 wrote to memory of 2804 576 chrome.exe 33 PID 576 wrote to memory of 2824 576 chrome.exe 34 PID 576 wrote to memory of 2824 576 chrome.exe 34 PID 576 wrote to memory of 2824 576 chrome.exe 34 PID 576 wrote to memory of 2700 576 chrome.exe 35 PID 576 wrote to memory of 2700 576 chrome.exe 35 PID 576 wrote to memory of 2700 576 chrome.exe 35 PID 576 wrote to memory of 2700 576 chrome.exe 35 PID 576 wrote to memory of 2700 576 chrome.exe 35 PID 576 wrote to memory of 2700 576 chrome.exe 35 PID 576 wrote to memory of 2700 576 chrome.exe 35 PID 576 wrote to memory of 2700 576 chrome.exe 35 PID 576 wrote to memory of 2700 576 chrome.exe 35 PID 576 wrote to memory of 2700 576 chrome.exe 35 PID 576 wrote to memory of 2700 576 chrome.exe 35 PID 576 wrote to memory of 2700 576 chrome.exe 35 PID 576 wrote to memory of 2700 576 chrome.exe 35 PID 576 wrote to memory of 2700 576 chrome.exe 35 PID 576 wrote to memory of 2700 576 chrome.exe 35 PID 576 wrote to memory of 2700 576 chrome.exe 35 PID 576 wrote to memory of 2700 576 chrome.exe 35 PID 576 wrote to memory of 2700 576 chrome.exe 35 PID 576 wrote to memory of 2700 576 chrome.exe 35 -
Uses Task Scheduler COM API (1 TTPs)
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
  PID: 576
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef72b9758,0x7fef72b9768,0x7fef72b9778
    PID: 2472
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:2
    PID: 2804
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1424 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:8
    PID: 2824
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1592 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:8
    PID: 2700
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2104 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:1
    PID: 1508
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2112 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:1
    PID: 2592
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1384 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:2
    PID: 2088
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3012 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:8
    PID: 892
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3040 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:1
    PID: 3036
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3384 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:1
    PID: 920
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3860 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:8
    PID: 808
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3980 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:8
    PID: 2292
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3048 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:1
    PID: 544
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2356 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:1
    PID: 1772
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3320 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:8
    PID: 1800
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2000 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:1
    PID: 2440
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=824 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:8
    PID: 2580
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:8
    PID: 2864
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1600 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:1
    PID: 3040
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4124 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:8
    PID: 2252
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4192 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:8
    PID: 2292
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4240 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:8
    PID: 2616
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4184 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:8
    PID: 948
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4368 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:8
    PID: 2344
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4412 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:8
    PID: 2352
  - C:\Users\Admin\Downloads\python-3.13.0-amd64.exe
    "C:\Users\Admin\Downloads\python-3.13.0-amd64.exe"
    PID: 2564
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - C:\Windows\Temp\{9C17E7F1-F27D-45D0-88F2-9BBDFDCA356D}\.cr\python-3.13.0-amd64.exe
      "C:\Windows\Temp\{9C17E7F1-F27D-45D0-88F2-9BBDFDCA356D}\.cr\python-3.13.0-amd64.exe" -burn.clean.room="C:\Users\Admin\Downloads\python-3.13.0-amd64.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188
      PID: 596
      - Executes dropped EXE
      - Loads dropped DLL
      - System Location Discovery: System Language Discovery
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4336 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:8
    PID: 1820
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 3056
- C:\Windows\system32\AUDIODG.EXE
  C:\Windows\system32\AUDIODG.EXE 0x7c
  PID: 2920
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize 342B
  MD5 08a576971f3e59306e8efd5966db93b1
  SHA1 3e1f9ca239c8439025e5a005e3b092a57f05f2ea
  SHA256 4393c787116c1b8c59b15e0ea194e25f11141669b3b9705da064f2fe7cd034c0
  SHA512 5912eb6f350bcb37cc058eeaaa5e1ada70f1ffe9b7e2d00ecab3f0592c4437efab2302691f2a1feb381a6720abbc7caac60b47a7901e22246750620407b533c2
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize 342B
  MD5 4656de780cbce372999841000430df98
  SHA1 a4b651000b74882728712595916c2abb6bd45cb2
  SHA256 dafdd443428d0f0dcba2cef50dd736e05e76eae0c1e2d8fe78c287062dc12e53
  SHA512 555a80a7cae13378e707fda15598bf5e01c44bf50a1d07a0db8db57ac3992f82ab9dde15b1fed31606e67ecffb6c104caa168be90d6f3838c0801adb6a1990a7
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize 342B
  MD5 c652654db7f581f7362f376e9417420e
  SHA1 d737dbedde0e7ad68cddddcd62e6cdb6063eb434
  SHA256 f2e2632a97a72191a7695fa137af7ef61d8d81d97b0e50e93edca032c8f7e417
  SHA512 953809e42ea201a9f9b4baccb52f354900c358ccbdf6794d25bc24a954793cb9f391799cfc65283eaa28c15263f5d7e839c18bb1bdbff1fa2a39b1a430c46aef
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize 342B
  MD5 414e6356881b624bdd2964a3044291e0
  SHA1 b54763bbb18bd4dd2841ca89057457f3f505b596
  SHA256 ff360ef36383f3874782626ff72f438a7ea7d5067c56d5743400511bc7a7e45d
  SHA512 3d14377f2bf692fc5b633ea6e21c3d75871a4f265dea0a6fc2e2088a9175ea2db86ca291969de45ee53473b4166b6d3dbbb3c66d90826a97adaba8e7393888eb
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize 342B
  MD5 08ede945ba30dd303f6b18cf3fa99562
  SHA1 5dd28e45c1516fe5dd2198e1a67c894688e74b10
  SHA256 b12d80828c43837a4969a56409b038f11ff701e41e790f95971253e50fa22b22
  SHA512 dfd3dcf9dc8c3264825922a5f8db24669d797a87ae8ee3db5a279f52c6b78a9716de6bb353e4adcfe780780b553ab29ac5172bfac6b360d48e74508f2c8b736b
- Filesize 2KB
  MD5 691f03f759879def79085b9c0d32055d
  SHA1 70bc5243e883502dccd19edb9d744e587901fa3b
  SHA256 a009af33ece46a74d19e003d355323fbc5680ea93802652373504d8ffc81078f
  SHA512 969068b1e176e0d5294921c12946e9c527c44fb604369d30685ac444bb60aee8597f69270c9d1c4b87628ca8fe292a4c67104a7e105936d89398886637ffc68f
- Filesize 16B
  MD5 aefd77f47fb84fae5ea194496b44c67a
  SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
  SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
  SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3
- Filesize 264KB
  MD5 f50f89a0a91564d0b8a211f8921aa7de
  SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
  SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
  SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\050b065a-0adb-45a3-9740-2bee16bff7dc.tmp
  Filesize 4KB
  MD5 5b2c1067adf7311c007cd4563bebf33a
  SHA1 1d9405911706e49f9ccedc36f4999aefa67e96df
  SHA256 c3110e304f93712ab2a1ae6375be4b6830babbcf8dbe356100f45cc1e7b9f9e9
  SHA512 093d38124b100a7eb20697b33044c10bdf7eb6d43cea9f0f97a8f344a5fafebadd5f3b1c58eb0b4a3495548f2bdb989f8d5ca1370c77c607e6cc3d035e09e819
- Filesize 2KB
  MD5 a318973e26f1a8993dd88d5607aa70f8
  SHA1 ca253cf06591bfc302563904c1f9a7abccdb6410
  SHA256 4c500166b2efe9880024601032491dd2b0ccc8f32532615f4d081bc3c66daee3
  SHA512 038c3d6429c20e31c72a2d81e7754b6ac2e8802e49afe04ed2016a23638df180355c85d0888a4ffa050b61effa6efb1fd3af1e581ae97ef88486d88b3f33c038
- Filesize 4KB
  MD5 1e1223bad578e0f31438ad5154c75e18
  SHA1 2128b905119bb4af37d16a0b1754fa2f31f42bc3
  SHA256 7dcc20bf1cd63b3de329e4cc7aeeb50069a943b358c27e69cf101da6404e5204
  SHA512 7f7834fc2d44e8e81059ce601e3afc473a24bd79b5872d99f8a40544da6b1b651c80909c8e6097455bec06a58f0132ab55e84a4b3fb67030e379bc4679360095
- Filesize 851B
  MD5 8b3346a6c1e662e38244f110b64b3e0a
  SHA1 b2a750c908a8a6ab9656a6cb95b033d061bd4b1e
  SHA256 be7284159826b9f84a1f17cf54b86e0e064c2a9c710063a537ee6b1d6b994718
  SHA512 e9e006b756b1983310945dc883bcb7e0a26c15e498e86bb5f7cd7eb33aba84c405bfafc9f0bee62b2d9d426f978bffd7d1ce81a685d1ae8c58f23cbb7e02b148
- Filesize 1KB
  MD5 c8cbe39307646859195ed324bb950bb7
  SHA1 c124001ee45011873c7743ba88ea5cf6938f8580
  SHA256 0364f2e05f3b708189eef9269383670ba0847e7c57331b2cc80a5d2d7f518976
  SHA512 7df407801996e95e116b3e77d54f923d52be5a64b7249e361a9e119f51cd5152ecdb636eb2ccce05012c9773498dc677c807c7990447a696bc4a19a8eaa5d474
- Filesize 851B
  MD5 7168dc6b8cb8631a9d375b993a1f9389
  SHA1 752cc9925806abbd9484ec8a4fdf5853b1ec1706
  SHA256 17db10b7fb419dc8a0f809261217d6e01768632429d5c4cccd0ab4036f801cfa
  SHA512 a77b155713e43d419656678aec71ca1fe20e75b476dec5480b369731023cc9a658963caba3aadee9a661901dc62257640e807385ecd0618584d32832f5b2e9e6
- Filesize 359B
  MD5 7b7c2d8ff33b467831cf4ff656aeee52
  SHA1 bfbe44c5636fa5d401a6dffdb4f1ee661b05de99
  SHA256 50d60055137ccc061e15f1c165896210877fdb13d715c7ca14722debd5662c91
  SHA512 c47296cad04a5870b16f11696e2cecbc4a40e069c49675a8160c86c603a876a27cada2bd694bb1a66d8bc51b7b92e5ef59f0ad4bd2576378e9d64be57095f466
- Filesize 845B
  MD5 acf40ac16dddb1ce7ca1ce199ecf1e5e
  SHA1 0563d6a9202ec815f9818c5684473e84ce7d171f
  SHA256 84bbdbb8010e3b7d2e9d7223c3399967e0f517351c1522fe4b34878508a01a74
  SHA512 81d3cd7e6c0e9be1880249d05bbcd6a7ccacd2c59e51b9c353fbc483cc4f4c00a98051ccc5028c6637d6424e8504d669629a9a266d295c63e68998d8f06c7b24
- Filesize 845B
  MD5 373efce4605a41849d4c320fc6be6b2a
  SHA1 0a3326714d3377bedcc2c28732cfd50156a08ac4
  SHA256 0e2239c16db36a02a72861b5396e8b638e539cd8ca7e80151fdf3ee25c14c873
  SHA512 9731c9b80e4ada3f94c4c55acac1f14607eac42ca2d0700258a8cd16e1b16c8b52a80588aa42b27d1cad0f83f3dbbff1ac1e901c2d213930efb394002bcdd980
- Filesize 361B
  MD5 6bc6f91e2a5c1f3fd5d0c07137567e73
  SHA1 41127c689363f9263695ade09e453e5787daabab
  SHA256 2a53e59cf6d18a573cc6f57883983818f1ebd15b1e09f7fe53514d70f3162fb1
  SHA512 b6769c628dfed592ea4b7b24ee7cb2c219d47f6445d95a34dd57d834bc270edec28a618281a8e7471538550d8dc914360492c38a47de76fb9aaaafae2999a634
- Filesize 851B
  MD5 c46107537faa86a28398ad43e1526bca
  SHA1 f118436a8f23be9658e7f856828092a2454ec75c
  SHA256 80783a9d83571a30cc8fe75f51e3856d0ba50aea7923d405fb96d1e780cb6cf2
  SHA512 9032b6b75a062e83140160e0f5824d90266a5df90563ab698c645751978151fab7f2fe120cfa77ad0157982a89e4a9ed869b3e4d8d97968ee95d9a24e7607aa4
- Filesize 6KB
  MD5 deda5214bda941530e0ea7eec527a4ad
  SHA1 32bbcd9362b4a53ca8c7bbecb2c8aa2e5f1e4734
  SHA256 ef5134320830c4c70139b1c6b1ce92f16d94acc10fd630afd588327b4388333c
  SHA512 c959ece5984f2df4559be9c063aca0bf7d8aede985742c24314ba2bdd4bd4d79b220d5e8b67e1c96ce83f4815326bd0f4e763e14894f1f73210712d82b36f757
- Filesize 6KB
  MD5 2bf1f07767cfa4e9528d682ab26f9edd
  SHA1 fb59927e893ea86ca8465e4e1f2d93e8aae40e4c
  SHA256 0fb8bc8abbc1108ee543ae409237b1e9abcedacedd14363ba64acd6d76a85ff0
  SHA512 015261a2ecb6e357ea27586346f14a5b5cccc2feb0fce8b0e38f4ed1622d22b49cae1d7f45916d5457d4949ed2e7331a80daa1988a05441e0d7bc87ef67c2a6f
- Filesize 7KB
  MD5 421cd4bc13b4a9cc1586ecece69d7579
  SHA1 2b6f8c2843e17a607388129a804bf22c233d0fc2
  SHA256 e5670896d3882761db40e6ff610e844a4b309ce2818740465319243d3c03f0dc
  SHA512 8a27d61d7a4751c4f3202f9f7d4ce82ce716ea238114fe285e80894c4399a0d4c4a74dc2f0bc287e6f665ef9ea0f677c20cdea3d57fd2e4094a1a6f0701d81a7
- Filesize 5KB
  MD5 7f727f38517d5e22178a3c325161bf1d
  SHA1 7eff3d40eb6353a83ee9cf34aef1c9d78a8dc5bb
  SHA256 9f1bd232ac0a230afe3159a3f1c7c939be0965185b671fba297bda5f82c78e06
  SHA512 076177fc4264baa75909a57bfd88e8f11a26314554934f7315eb73120bc0bfba50f8d50ce3530725a8b699c2c3d5d97ddd419508da05b940b0beff5b876a13ce
- Filesize 6KB
  MD5 679c2a650b80397937eceb1898cef34c
  SHA1 024a6ea9ba1b069f0c8dc36ecee0be835e885111
  SHA256 8b4ea3552e0e9082d7dc3a47e3817a882e14c044a54c9f0ad44fae444e2277f3
  SHA512 c183d8e62e1d54fd4149a0bd5452b69558c3c037c92518ed0256e687d39670915ff7ad1219d4b63567a2244365ef25c3c1be0d1278bddb026296413fb709820a
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
  Filesize 16B
  MD5 18e723571b00fb1694a3bad6c78e4054
  SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
  SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
  SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2
- Filesize 74KB
  MD5 91f5850bb80cfa289e1492819def929c
  SHA1 8cb5b22f885eadb9aea8226e5b4062a0b51b2a85
  SHA256 62dbe7a93dfce2af6185f753893530407a29f3e3475fb808dbea3c21f1024d62
  SHA512 34918f1d4cfde5339ac079d02795d179b5a8ac749a38d0faf292fc1fc29071cb80aed454451dd76bc73629ee61e50ab9e7779180e8f01c9b609e746963576fea
- Filesize 81KB
  MD5 b8b2c22c08c686f3c6cdb2276aaba85a
  SHA1 39fa3740642cdc997e05b3d8ccb3e7a3169c0d55
  SHA256 731e6ec0c127f070ac495b03b5b04f1d841f0fedaef3650ce1337026cb587ee2
  SHA512 2464600c1dace112163c0d08a92e379f7233ff281449bc1e59caa8b3acb815635b0ba479d09d7fc2781c2ede689db824d483f4aa139f70554f265b69f2c584fb
- Filesize 70KB
  MD5 49aebf8cbd62d92ac215b2923fb1b9f5
  SHA1 1723be06719828dda65ad804298d0431f6aff976
  SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
  SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
- Filesize 181KB
  MD5 4ea6026cf93ec6338144661bf1202cd1
  SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
  SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
  SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
- Filesize 26.9MB
  MD5 f5e5d48ba86586d4bef67bcb3790d339
  SHA1 118838d3bc5d1a13ce71d8d83de52427b1562124
  SHA256 78156ad0cf0ec4123bfb5333b40f078596ebf15f2d062a10144863680afbdefc
  SHA512 ffaef212d55e3bdd87e79cbfacebc0612ffc1c8c4b495585392746202dce6332383199f0206113ee95ebb4a76d718d0700e1aed9ad518d43b7569a44f0a39427
- Filesize 50KB
  MD5 888eb713a0095756252058c9727e088a
  SHA1 c14f69f2bef6bc3e2162b4dd78e9df702d94cdb4
  SHA256 79434bd1368f47f08acf6db66638531d386bf15166d78d9bfea4da164c079067
  SHA512 7c59f4ada242b19c2299b6789a65a1f34565fed78730c22c904db16a9872fe6a07035c6d46a64ee94501fbcd96de586a8a5303ca22f33da357d455c014820ca0
- Filesize 675KB
  MD5 9751bbeaa1ccffa70003201b43f727c3
  SHA1 8a6cedbe54a955ef25477c961679ae7482481b2c
  SHA256 b76b8a4ff515ee27ba9da62e64a39b3140fcb35a83d42c5126442c9b4c5d5f59
  SHA512 b9f0474e311635aa13b4c7d234101e2f08206a6853c825bc8772b977427ce7ce33e45b998cf051d5b70148b511c81d8c630b4757c662d0519ffe42bd18f906ad
- Filesize 859KB
  MD5 a9b28dd6caf9f5cef0271e9230fd63a7
  SHA1 1b83a794bf2f657ac17da5443970f59c255a6bd5
  SHA256 e28657d542725e31c0683557b2125b7f031b17cdd36177dbf030871cba83e10d
  SHA512 4ce57206031fa0e43f14a389f3aac2256002631126020829ff429768faa1c729c0e97b2b90e9934e593ea212cbb370c79587eac165c623680b38784f64a6b931