discordrat | ccde41f0780b8216fefd33c8923e25574a8e9a979714ebf046e47bc16ae37c4a

Analysis

max time kernel
150s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11-12-2024 15:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

noahhack.exe
Size

78KB
MD5

339f82823a43955daa245da0cabce482
SHA1

d8b614603d06fa92b66816e2852dc7b75001d5d4
SHA256

ccde41f0780b8216fefd33c8923e25574a8e9a979714ebf046e47bc16ae37c4a
SHA512

88dd43c34b21278d05c1e335e5b3d5c996107172a2e28278ea902c4eba19adea4bf88729213cc730a6acf59562e140eeb4a7564285235cf52c6dd73001fdfbab
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+KPIC:5Zv5PDwbjNrmAE+WIC

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMxNjQyMDUzMzQxOTYzODg1NA.GIYJkD.4evqcmLgroVtcfeGazTWhr8szfzOs-mUqK60qs
server_id
1316420793181143060

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat
Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
2960	sigmacumshot.exe
1636	sigmacumshot.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133784051658580326"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
384	chrome.exe
384	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5056	noahhack.exe
Token: SeShutdownPrivilege	384	chrome.exe
Token: SeCreatePagefilePrivilege	384	chrome.exe
Token: SeShutdownPrivilege	384	chrome.exe
Token: SeCreatePagefilePrivilege	384	chrome.exe
Token: SeShutdownPrivilege	384	chrome.exe
Token: SeCreatePagefilePrivilege	384	chrome.exe
Token: SeShutdownPrivilege	384	chrome.exe
Token: SeCreatePagefilePrivilege	384	chrome.exe
Token: SeShutdownPrivilege	384	chrome.exe
Token: SeCreatePagefilePrivilege	384	chrome.exe
Token: SeShutdownPrivilege	384	chrome.exe
Token: SeCreatePagefilePrivilege	384	chrome.exe
Token: SeShutdownPrivilege	384	chrome.exe
Token: SeCreatePagefilePrivilege	384	chrome.exe
Token: SeShutdownPrivilege	384	chrome.exe
Token: SeCreatePagefilePrivilege	384	chrome.exe
Token: SeShutdownPrivilege	384	chrome.exe
Token: SeCreatePagefilePrivilege	384	chrome.exe
Token: SeShutdownPrivilege	384	chrome.exe
Token: SeCreatePagefilePrivilege	384	chrome.exe
Token: SeShutdownPrivilege	384	chrome.exe
Token: SeCreatePagefilePrivilege	384	chrome.exe
Token: SeShutdownPrivilege	384	chrome.exe
Token: SeCreatePagefilePrivilege	384	chrome.exe
Token: SeShutdownPrivilege	384	chrome.exe
Token: SeCreatePagefilePrivilege	384	chrome.exe
Token: SeShutdownPrivilege	384	chrome.exe
Token: SeCreatePagefilePrivilege	384	chrome.exe
Token: SeShutdownPrivilege	384	chrome.exe
Token: SeCreatePagefilePrivilege	384	chrome.exe
Token: SeShutdownPrivilege	384	chrome.exe
Token: SeCreatePagefilePrivilege	384	chrome.exe
Token: SeShutdownPrivilege	384	chrome.exe
Token: SeCreatePagefilePrivilege	384	chrome.exe
Token: SeShutdownPrivilege	384	chrome.exe
Token: SeCreatePagefilePrivilege	384	chrome.exe
Token: SeShutdownPrivilege	384	chrome.exe
Token: SeCreatePagefilePrivilege	384	chrome.exe
Token: SeShutdownPrivilege	384	chrome.exe
Token: SeCreatePagefilePrivilege	384	chrome.exe
Token: SeShutdownPrivilege	384	chrome.exe
Token: SeCreatePagefilePrivilege	384	chrome.exe
Token: SeShutdownPrivilege	384	chrome.exe
Token: SeCreatePagefilePrivilege	384	chrome.exe
Token: SeShutdownPrivilege	384	chrome.exe
Token: SeCreatePagefilePrivilege	384	chrome.exe
Token: SeShutdownPrivilege	384	chrome.exe
Token: SeCreatePagefilePrivilege	384	chrome.exe
Token: SeShutdownPrivilege	384	chrome.exe
Token: SeCreatePagefilePrivilege	384	chrome.exe
Token: SeDebugPrivilege	2960	sigmacumshot.exe
Token: SeShutdownPrivilege	384	chrome.exe
Token: SeCreatePagefilePrivilege	384	chrome.exe
Token: SeShutdownPrivilege	384	chrome.exe
Token: SeCreatePagefilePrivilege	384	chrome.exe
Token: SeShutdownPrivilege	384	chrome.exe
Token: SeCreatePagefilePrivilege	384	chrome.exe
Token: SeShutdownPrivilege	384	chrome.exe
Token: SeCreatePagefilePrivilege	384	chrome.exe
Token: SeShutdownPrivilege	384	chrome.exe
Token: SeCreatePagefilePrivilege	384	chrome.exe
Token: SeShutdownPrivilege	384	chrome.exe
Token: SeCreatePagefilePrivilege	384	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe
384	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 384 wrote to memory of 2072	384	chrome.exe	94
PID 384 wrote to memory of 2072	384	chrome.exe	94
PID 384 wrote to memory of 2176	384	chrome.exe	95
PID 384 wrote to memory of 2176	384	chrome.exe	95
PID 384 wrote to memory of 2176	384	chrome.exe	95
PID 384 wrote to memory of 2176	384	chrome.exe	95
PID 384 wrote to memory of 2176	384	chrome.exe	95
PID 384 wrote to memory of 2176	384	chrome.exe	95
PID 384 wrote to memory of 2176	384	chrome.exe	95
PID 384 wrote to memory of 2176	384	chrome.exe	95
PID 384 wrote to memory of 2176	384	chrome.exe	95
PID 384 wrote to memory of 2176	384	chrome.exe	95
PID 384 wrote to memory of 2176	384	chrome.exe	95
PID 384 wrote to memory of 2176	384	chrome.exe	95
PID 384 wrote to memory of 2176	384	chrome.exe	95
PID 384 wrote to memory of 2176	384	chrome.exe	95
PID 384 wrote to memory of 2176	384	chrome.exe	95
PID 384 wrote to memory of 2176	384	chrome.exe	95
PID 384 wrote to memory of 2176	384	chrome.exe	95
PID 384 wrote to memory of 2176	384	chrome.exe	95
PID 384 wrote to memory of 2176	384	chrome.exe	95
PID 384 wrote to memory of 2176	384	chrome.exe	95
PID 384 wrote to memory of 2176	384	chrome.exe	95
PID 384 wrote to memory of 2176	384	chrome.exe	95
PID 384 wrote to memory of 2176	384	chrome.exe	95
PID 384 wrote to memory of 2176	384	chrome.exe	95
PID 384 wrote to memory of 2176	384	chrome.exe	95
PID 384 wrote to memory of 2176	384	chrome.exe	95
PID 384 wrote to memory of 2176	384	chrome.exe	95
PID 384 wrote to memory of 2176	384	chrome.exe	95
PID 384 wrote to memory of 2176	384	chrome.exe	95
PID 384 wrote to memory of 2176	384	chrome.exe	95
PID 384 wrote to memory of 1936	384	chrome.exe	96
PID 384 wrote to memory of 1936	384	chrome.exe	96
PID 384 wrote to memory of 3172	384	chrome.exe	97
PID 384 wrote to memory of 3172	384	chrome.exe	97
PID 384 wrote to memory of 3172	384	chrome.exe	97
PID 384 wrote to memory of 3172	384	chrome.exe	97
PID 384 wrote to memory of 3172	384	chrome.exe	97
PID 384 wrote to memory of 3172	384	chrome.exe	97
PID 384 wrote to memory of 3172	384	chrome.exe	97
PID 384 wrote to memory of 3172	384	chrome.exe	97
PID 384 wrote to memory of 3172	384	chrome.exe	97
PID 384 wrote to memory of 3172	384	chrome.exe	97
PID 384 wrote to memory of 3172	384	chrome.exe	97
PID 384 wrote to memory of 3172	384	chrome.exe	97
PID 384 wrote to memory of 3172	384	chrome.exe	97
PID 384 wrote to memory of 3172	384	chrome.exe	97
PID 384 wrote to memory of 3172	384	chrome.exe	97
PID 384 wrote to memory of 3172	384	chrome.exe	97
PID 384 wrote to memory of 3172	384	chrome.exe	97
PID 384 wrote to memory of 3172	384	chrome.exe	97
PID 384 wrote to memory of 3172	384	chrome.exe	97
PID 384 wrote to memory of 3172	384	chrome.exe	97
PID 384 wrote to memory of 3172	384	chrome.exe	97
PID 384 wrote to memory of 3172	384	chrome.exe	97
PID 384 wrote to memory of 3172	384	chrome.exe	97
PID 384 wrote to memory of 3172	384	chrome.exe	97
PID 384 wrote to memory of 3172	384	chrome.exe	97
PID 384 wrote to memory of 3172	384	chrome.exe	97
PID 384 wrote to memory of 3172	384	chrome.exe	97
PID 384 wrote to memory of 3172	384	chrome.exe	97
PID 384 wrote to memory of 3172	384	chrome.exe	97
PID 384 wrote to memory of 3172	384	chrome.exe	97

C:\Users\Admin\AppData\Local\Temp\noahhack.exe
"C:\Users\Admin\AppData\Local\Temp\noahhack.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd2c71cc40,0x7ffd2c71cc4c,0x7ffd2c71cc58
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2088,i,14134532133181899659,17838034038489603636,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1996 /prefetch:2
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1936,i,14134532133181899659,17838034038489603636,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2288,i,14134532133181899659,17838034038489603636,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2528 /prefetch:8
  2⤵
  PID:3172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,14134532133181899659,17838034038489603636,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3200,i,14134532133181899659,17838034038489603636,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4612,i,14134532133181899659,17838034038489603636,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4744,i,14134532133181899659,17838034038489603636,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4592 /prefetch:8
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4936,i,14134532133181899659,17838034038489603636,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5064,i,14134532133181899659,17838034038489603636,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4756 /prefetch:8
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4052,i,14134532133181899659,17838034038489603636,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4908,i,14134532133181899659,17838034038489603636,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  PID:3144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4768,i,14134532133181899659,17838034038489603636,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4584 /prefetch:8
  2⤵
  PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5608,i,14134532133181899659,17838034038489603636,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5600 /prefetch:2
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5500,i,14134532133181899659,17838034038489603636,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4824,i,14134532133181899659,17838034038489603636,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5496,i,14134532133181899659,17838034038489603636,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5980,i,14134532133181899659,17838034038489603636,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6000 /prefetch:8
  2⤵
  PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5988,i,14134532133181899659,17838034038489603636,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3292 /prefetch:8
  2⤵
  PID:4220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5976,i,14134532133181899659,17838034038489603636,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3204 /prefetch:8
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3320,i,14134532133181899659,17838034038489603636,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3304,i,14134532133181899659,17838034038489603636,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3324,i,14134532133181899659,17838034038489603636,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  PID:2920

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1952

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4504

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4932

C:\Users\Admin\Downloads\sigmacumshot.exe
"C:\Users\Admin\Downloads\sigmacumshot.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2960

C:\Users\Admin\Downloads\sigmacumshot.exe
"C:\Users\Admin\Downloads\sigmacumshot.exe"
1⤵
- Executes dropped EXE
PID:1636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
966d49189bc28420477b4fc32b43f686

SHA1
c2b15486becbf05b2b07fbbf8d7ddeb2ab4b06bd

SHA256
92df0361fa144991b35e24b635d0bf0d376cdb23699f7d62c22b28677e168463

SHA512
d2f37778342d435045bd3914a1285e6a5826692b42470878f9f309df99d8da43364260a07ecece15b9ff1b7d35b50d51e7fb4f7ef58c5d976019903b399fdc2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
a56e37f1a402001ccc94a18802e1b446

SHA1
09564e275bebd5b4db262659d78dfd53498cc922

SHA256
dff779273dcda44d9659d5057ace098096bc04a8f15eb662b28aefec23141387

SHA512
0fd0c2ceeff64bdc51306090e9ca69b51945347f0bc2aa6638fda76859b7656613e0e74ca4b5f8a40e564e6a814132883285723103be7bff99c203bd25dd6b9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
60f16eddea1adaa201dd47a7ed46b650

SHA1
98bb0ec92a643ef57d642693343bd9c51a629435

SHA256
3e8a591ac187d3a533a77c17ca8fb0724ffde0db3cd444f1112e1d7647de4977

SHA512
5ace5280c3100e7faea142d80080c34cead5ade73f863b7b687e385516990649d51aef34d9c63c1f5315a31b36c070a110ab0317465f3e0afa53888a9bcb5c80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
ef5bdd380545b2098a5b35651205be9e

SHA1
bddfe6fb3fb22c35ea91600e761f727ad43f95f0

SHA256
5d5862d0fd4a93f626cb8abd3237d8ce61f0e92b107e5d28a2246fcaf31ed209

SHA512
bd3393159a1286e6ad425f6225108ff66941cc771cd20cfc694be93a3de65f09f3ed989fdfe6cfaf836d37b7de90228eaae1f1906aa33d325c8b3c4db1cd1e76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ae3988e83f3877e6659269f26562229c

SHA1
8fa7e844534c22108b111426bb0ddfd6e7e8cfc3

SHA256
e2057e220b8c8576010780f79744130278ae6db61aaa9eaafc0639e3cbc8b6a2

SHA512
d2972248ed633ddebbb1b11fb03554314b195142a89fdbccaa258b25efab7c3d47a0cdabe4a379d4dbcca40346d943a185fa7339813ab3688fa28394a19e5e9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
512f34551ad5eccfa14f8c6c3ace5c09

SHA1
058c60d4dec523e17029efda2cb6ccca5a1dc14b

SHA256
46ea79a22791a4c4989cbe1c49c2d7248db428d365ef7c47c871a2481e3eb186

SHA512
8f5a069ae667efb8826247a90a3b886bcf91572d1510741b0e8cbd70447fbe75b49ec877aa2db4e30a8ab0e9a4616bd015a78a752ef2116c38ce4508b616175b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bcf0b83da69e8ecf686f28314d247577

SHA1
82b7d489e49cfd4a59373e9de087f2c23eb9f1b5

SHA256
00c9a93670f2206e6964d42e42977fbe2db01f0a6537f62f2864e34caefb9899

SHA512
fc8585db2a2d2322338dabae322b451e4b50b43c6c3c106459fbf5302001270fc1e1c918301dee27c66adc272896690cf962d16d846219a1f249838d319eb839

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
faeb3f9265c0453d625ff847d46f1fe7

SHA1
b18e930c2b8298c11d0be53cdb7703c5ab2d2286

SHA256
47beaafe6b347fd2137a1822934b9a0e10d97552e81b7392c5ab607d8f3764a7

SHA512
53c3e7b7c5848f4e72f4fdd49b4408d8ac68f0eb3e7f036c2d7a0112536db9d93f05103205f47195b8d4981b71e4dbf68bbd103cddb007a3c702839172e7c86e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
ea38e7ccfa2921f2dc2dbf42364c99bb

SHA1
227d3f3ccf7c8b56d81165643a907105dcc1f683

SHA256
f0f9fe6c73d4f31d657eb9aa46085f0e1ae5769737a112ad8f14af8e5f027dcd

SHA512
b1426d6f65c0c418d7fac9b147f67c33f4dbfc9d3c4894dab37c9b924ad4d47339b7769641c7dfb4e9d4fab7cd0d4a11cbbafd583a883c45518eaadbb029a767

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
a97bf279fe02a3ee0eeefe5437230431

SHA1
1e7509b96557761e968fe186555b4417202d177a

SHA256
9debb83287c96b6f1421d362711a830b9db6b44756e263e8f655575ac7db5b02

SHA512
38345a48ac8b342dbf089e8180231e47983e3a6c1132c03ce710318b7a01de956af1f85a1bc1fbf720e4b185db636073e7dd1514d18e2567647c730bc3b557ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
88c71b7b282dbd39b85d883f16e0d5d5

SHA1
8a4253c7c287eaffb04e65354a21a1927b398351

SHA256
cd6776a31b416089ff6aeef1be9df6fa0dadaa161bddd0dbe65988bb3c040413

SHA512
1b6c09a8d8ff54d3a7a47bc51e4d54722ca9c1adcd7994060e27158c4f668d9286a4694781597f483eeff69e41a951647dde738272adee8cc0ba27df3bbb4343

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir384_1335169321\8ecf4cc5-324d-4ded-b56e-75643fd020b8.tmp

Filesize
135KB

MD5
3f6f93c3dccd4a91c4eb25c7f6feb1c1

SHA1
9b73f46adfa1f4464929b408407e73d4535c6827

SHA256
19f05352cb4c6e231c1c000b6c8b7e9edcc1e8082caf46fff16b239d32aa7c9e

SHA512
d488fa67e3a29d0147e9eaf2eabc74d9a255f8470cf79a4aea60e3b3b5e48a3fcbc4fc3e9ce58dff8d7d0caa8ae749295f221e1fe1ba5d20deb2d97544a12ba4

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir384_1335169321\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 835677.crdownload

Filesize
78KB

MD5
339f82823a43955daa245da0cabce482

SHA1
d8b614603d06fa92b66816e2852dc7b75001d5d4

SHA256
ccde41f0780b8216fefd33c8923e25574a8e9a979714ebf046e47bc16ae37c4a

SHA512
88dd43c34b21278d05c1e335e5b3d5c996107172a2e28278ea902c4eba19adea4bf88729213cc730a6acf59562e140eeb4a7564285235cf52c6dd73001fdfbab

Download Submit
memory/5056-4-0x0000024CFE6C0000-0x0000024CFEBE8000-memory.dmp

Filesize
5.2MB

Download
memory/5056-0-0x0000024CFB8C0000-0x0000024CFB8D8000-memory.dmp

Filesize
96KB

Download
memory/5056-2-0x0000024CFDEC0000-0x0000024CFE082000-memory.dmp

Filesize
1.8MB

Download
memory/5056-1-0x00007FFD31403000-0x00007FFD31405000-memory.dmp

Filesize
8KB

Download
memory/5056-3-0x00007FFD31400000-0x00007FFD31EC1000-memory.dmp

Filesize
10.8MB

Download
memory/5056-5-0x00007FFD31400000-0x00007FFD31EC1000-memory.dmp

Filesize
10.8MB

Download