discordrat | 1d184c635a032625f10639ec3458a6f8d0a36a6a82078a11b820924f39056080

Resubmissions

12-12-2024 19:55

241212-ym8klsxnfp 10

12-12-2024 19:20

12-12-2024 19:16

12-12-2024 19:16

12-12-2024 18:49

12-12-2024 18:46

12-12-2024 18:39

12-12-2024 18:27

Analysis

max time kernel
113s
max time network
135s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
12-12-2024 19:16

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

mta.exe
Size

98KB
MD5

778dce14368e8b1105544c43ce09d2f1
SHA1

81c7cc17d48b8c5e6e5b9cc1efc8bbae1646dcb0
SHA256

1d184c635a032625f10639ec3458a6f8d0a36a6a82078a11b820924f39056080
SHA512

31a517a024726bef90c60c05173852de117e27960e981ec92456e6a3e4c0b6ac50437b8bfd2ced7afbad2a81c3e00a4c9bd5622af2236f3ae37856d6fd9d4aab
SSDEEP

1536:Vic45PApy/vpjAnT9ZqzY4r5VVZDAcE3VCQfwbJ6Pr5+NzxCxoKV6+UyNV:AxApgR8T9EE4r5n8rwbJ6Pr5+zNyj

Score

10^/10

discordrat discovery persistence ransomware rat rootkit stealer

Malware Config

Signatures

Contains code to disable Windows Defender 1 IoCs

A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

resource	yara_rule
behavioral1/memory/1008-1-0x00000216E8AD0000-0x00000216E8AEC000-memory.dmp	disable_win_def

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 10 IoCs

Web Service

T1102

flow	ioc
10	discord.com
57	discord.com
61	discord.com
11	discord.com
18	discord.com
58	discord.com
88	discord.com
93	discord.com
100	discord.com
104	discord.com

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmp9AC4.tmp.png"	mta.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	MusNotification.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	MusNotification.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133785046324735121"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4196	chrome.exe
4196	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1008	mta.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4272	MusNotification.exe
Token: SeCreatePagefilePrivilege	4272	MusNotification.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe
Token: SeCreatePagefilePrivilege	4196	chrome.exe
Token: SeShutdownPrivilege	4196	chrome.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe
4196	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4196 wrote to memory of 1188	4196	chrome.exe	84
PID 4196 wrote to memory of 1188	4196	chrome.exe	84
PID 4196 wrote to memory of 3732	4196	chrome.exe	85
PID 4196 wrote to memory of 3732	4196	chrome.exe	85
PID 4196 wrote to memory of 3732	4196	chrome.exe	85
PID 4196 wrote to memory of 3732	4196	chrome.exe	85
PID 4196 wrote to memory of 3732	4196	chrome.exe	85
PID 4196 wrote to memory of 3732	4196	chrome.exe	85
PID 4196 wrote to memory of 3732	4196	chrome.exe	85
PID 4196 wrote to memory of 3732	4196	chrome.exe	85
PID 4196 wrote to memory of 3732	4196	chrome.exe	85
PID 4196 wrote to memory of 3732	4196	chrome.exe	85
PID 4196 wrote to memory of 3732	4196	chrome.exe	85
PID 4196 wrote to memory of 3732	4196	chrome.exe	85
PID 4196 wrote to memory of 3732	4196	chrome.exe	85
PID 4196 wrote to memory of 3732	4196	chrome.exe	85
PID 4196 wrote to memory of 3732	4196	chrome.exe	85
PID 4196 wrote to memory of 3732	4196	chrome.exe	85
PID 4196 wrote to memory of 3732	4196	chrome.exe	85
PID 4196 wrote to memory of 3732	4196	chrome.exe	85
PID 4196 wrote to memory of 3732	4196	chrome.exe	85
PID 4196 wrote to memory of 3732	4196	chrome.exe	85
PID 4196 wrote to memory of 3732	4196	chrome.exe	85
PID 4196 wrote to memory of 3732	4196	chrome.exe	85
PID 4196 wrote to memory of 3732	4196	chrome.exe	85
PID 4196 wrote to memory of 3732	4196	chrome.exe	85
PID 4196 wrote to memory of 3732	4196	chrome.exe	85
PID 4196 wrote to memory of 3732	4196	chrome.exe	85
PID 4196 wrote to memory of 3732	4196	chrome.exe	85
PID 4196 wrote to memory of 3732	4196	chrome.exe	85
PID 4196 wrote to memory of 3732	4196	chrome.exe	85
PID 4196 wrote to memory of 3732	4196	chrome.exe	85
PID 4196 wrote to memory of 60	4196	chrome.exe	86
PID 4196 wrote to memory of 60	4196	chrome.exe	86
PID 4196 wrote to memory of 784	4196	chrome.exe	87
PID 4196 wrote to memory of 784	4196	chrome.exe	87
PID 4196 wrote to memory of 784	4196	chrome.exe	87
PID 4196 wrote to memory of 784	4196	chrome.exe	87
PID 4196 wrote to memory of 784	4196	chrome.exe	87
PID 4196 wrote to memory of 784	4196	chrome.exe	87
PID 4196 wrote to memory of 784	4196	chrome.exe	87
PID 4196 wrote to memory of 784	4196	chrome.exe	87
PID 4196 wrote to memory of 784	4196	chrome.exe	87
PID 4196 wrote to memory of 784	4196	chrome.exe	87
PID 4196 wrote to memory of 784	4196	chrome.exe	87
PID 4196 wrote to memory of 784	4196	chrome.exe	87
PID 4196 wrote to memory of 784	4196	chrome.exe	87
PID 4196 wrote to memory of 784	4196	chrome.exe	87
PID 4196 wrote to memory of 784	4196	chrome.exe	87
PID 4196 wrote to memory of 784	4196	chrome.exe	87
PID 4196 wrote to memory of 784	4196	chrome.exe	87
PID 4196 wrote to memory of 784	4196	chrome.exe	87
PID 4196 wrote to memory of 784	4196	chrome.exe	87
PID 4196 wrote to memory of 784	4196	chrome.exe	87
PID 4196 wrote to memory of 784	4196	chrome.exe	87
PID 4196 wrote to memory of 784	4196	chrome.exe	87
PID 4196 wrote to memory of 784	4196	chrome.exe	87
PID 4196 wrote to memory of 784	4196	chrome.exe	87
PID 4196 wrote to memory of 784	4196	chrome.exe	87
PID 4196 wrote to memory of 784	4196	chrome.exe	87
PID 4196 wrote to memory of 784	4196	chrome.exe	87
PID 4196 wrote to memory of 784	4196	chrome.exe	87
PID 4196 wrote to memory of 784	4196	chrome.exe	87
PID 4196 wrote to memory of 784	4196	chrome.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\mta.exe
"C:\Users\Admin\AppData\Local\Temp\mta.exe"
1⤵
- Sets desktop wallpaper using registry
- Suspicious use of AdjustPrivilegeToken
PID:1008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff85d89cc40,0x7ff85d89cc4c,0x7ff85d89cc58
  2⤵
  PID:1188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2032,i,1566600189434841493,5622843547578731169,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2028 /prefetch:2
  2⤵
  PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1868,i,1566600189434841493,5622843547578731169,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=1788 /prefetch:3
  2⤵
  PID:60
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,1566600189434841493,5622843547578731169,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2292 /prefetch:8
  2⤵
  PID:784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3152,i,1566600189434841493,5622843547578731169,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3184,i,1566600189434841493,5622843547578731169,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4532,i,1566600189434841493,5622843547578731169,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4752,i,1566600189434841493,5622843547578731169,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5056,i,1566600189434841493,5622843547578731169,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5192,i,1566600189434841493,5622843547578731169,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3252,i,1566600189434841493,5622843547578731169,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4528 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5180,i,1566600189434841493,5622843547578731169,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3236,i,1566600189434841493,5622843547578731169,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5412,i,1566600189434841493,5622843547578731169,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4676 /prefetch:8
  2⤵
  PID:980

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:980

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2448

C:\Windows\system32\MusNotification.exe
"C:\Windows\system32\MusNotification.exe"
1⤵
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:4272

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
27KB

MD5
2ce32c69dd632ea98c063dfc16b92554

SHA1
a6935e504313ce6713d3db824daec91dfeef4e22

SHA256
71424c6a5d264aad846ef593af38edd8b668e988ed2191b6f10a0863ce7d3286

SHA512
fe7f0f460ef6bc4b9e1327042496657410f6e996bdfee502e62f133ad868237bdf2490d901f355d092fa3c1420c48970ffe1cdc88f81533f2e9d6ea38202ae67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
30KB

MD5
1b1b9233f9fa6667afe92d420ae96edc

SHA1
38e0f4ce4c1720c6ea52a3d850f2101d2d1e5f66

SHA256
9b5b47cc9882aae5ccc76bf78cfaa1f1ac310e7d9bc17d9aa1c2309088236294

SHA512
1847552d1588ffb2d77ec73577d25c81568ac3b8e23e7f3cd6c9f161d2610e7e48d2ab660771aa262a613f11e0dc4e28d0324a6a3f0175cdba2838b28581341d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
51KB

MD5
e05ccbbac5e97b35905c4feacfa72aad

SHA1
80ff62709ab346645fff140ddc35378e9143b05e

SHA256
ab0b1717dfcf9d0464256af28132678a7417dbbbbb0dc26f15ec2385e0185fbf

SHA512
bc4da0b8e3e43929e00ec19e99c0b5fb9ee226db0092596d96c16764984c7e72448f033ce5061298dab3a088689ae97ca38e549822c95ead8649f02abe8e2436

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
86KB

MD5
33990c6507f4f28a2273c722c6e04b0e

SHA1
f17bb1697d924e14605bed08d202af8ef6bb7c29

SHA256
4936aa20fa9593e1b231567973a082996a9d707a36d8cdae6b048e458bea46e6

SHA512
c448afb28c83d5d13bb888d9236adc923a6d45c57124507d4f9f040b49f83056bfef8a1a03ee23fe87c4275ec54b04c6e50f8ee646ac4f77433e0c863a87f69c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
21KB

MD5
e8656aa581ed1b170b64483f13af4656

SHA1
803b2a1836a8cdc8bfecd84c29a4755c9cf80e94

SHA256
e6518fd253ae604bd72f4cca5faa62c3a5ef35c28c8a20c56083d1edc23b7463

SHA512
6d947537dfe3e6e437b4bf31cebcd59a35055791a74e6db65d084b23d99f3c77e51230ce4c1178458cd97400779e1dc49b92c0b33bde9502c0d1fc434602af6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
e43cb3fcd34db3c21a440aa64a967390

SHA1
6e4fd9f92ef2e1697d5673397ed41763856f6b36

SHA256
f7443f662f0375b13d15464ca81511f9a211534354406ae00fc9fb28ef67b884

SHA512
5aefa8401c514bc2b65418c6236bc1cd2cbbd796d1249a4386ab887cccbb76a3a64dea75af9ef181147bba4eea7d32822fa677cbebab2d82987a8185443f2ec3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
0c25989f0df4fa0644c2ab3b616c6d57

SHA1
07f283b0be9a52c67b2aa51a34b82c8b7d1ee8c2

SHA256
ae21e16cee768d15070c1bbed03cc920a7d0533aca032afae5ad7e5244118a45

SHA512
be50668a6119d7fd6564c9746bce70c156066bbecc0c9e465ad6269c2fb87bee2eec587a7eac70bf438292eeff27e2422f130010893bcb11106ec136575535d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e9d3c4773fa4fd67873159e32f53002c

SHA1
28c04ca3e8d2b6e3dcca6f486ff87a2e61633e1e

SHA256
12cf8f5077beedda0e8604898f058c778570d6fd9d58471e3aaa546c9ef893bc

SHA512
dee1c477a252790017aff687ef5fa0ec1f9e25526aec541dd87f3636668177acff0a5bbfca9af0191eaf6f0b845635f43406766466d93dd4527ad5f973c0a83e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
5cfc6f7f5fe68d4b7a9dbc0b487c44e4

SHA1
3e363294582ac745996aed02cd9c99174363b872

SHA256
686db4b2b3eda6f75ad8813d564c07879333b3dcd168719ca938423e24953315

SHA512
2ec1a73987c73df8ca74991f9d72e1a33a49f06acd03920ccdbf8245ea249ecd65f8138b7ba1f8343ca6732bc3cd3c2eb143f8fb9a64939157f76edd2662f988

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
dd76ee88eb91f1b4c33158f54deecbd4

SHA1
998eb393144d304cf243aa88b0302be93e9477d2

SHA256
bc2f32cb8b21ecaee61cb6d24228a82c902d37cdbe718d86855bc9f0f2edc126

SHA512
c535f6ffd0c43d00f44104d2858507c1db6063861ebb30505bed1a8e20829747208506c331c10091bffbc1438810b87c5ab1c623d3ad75b1783282cba267dbae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
35f08c4dd9be3b26bae90b5f67879f36

SHA1
0c665f709a8fb1b7ada9a945d7739ba49c8ac85d

SHA256
f38953f3b68847d75f1b72ac38307be79387f70c96e00fd3b7c86c621303fea6

SHA512
a6af54970c792ca10f3c22684fc868a4d851184606c5451960fcc6c50f9ee301cbcf55291369524ad449e1860f148a794ee584fa780bd15329b6f5f6ee24e84f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a1015d7466af625b985f2c22d2dfd7d4

SHA1
bf2280d3e21620a29468f3bc2c8262e9dd183e40

SHA256
bc40f70e54f1d35d54be9056a96bc34ef9351629564f00808aea234681cd886a

SHA512
c93c08c8cd9b17f82f8938461ed3dea1bf6e73a1fcf2b91a77373fb70783d616588eae16e1a95fb45f54f003ce218922be406f43ca3079758400a4064901460a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6822207f6e6f4814e2b4479c3db89686

SHA1
d300e7019fbbca0522c6646b1bda6106489adf28

SHA256
93d35ccdf22e49c0b662ba656c74297266c6c8275db359c611f6ec9eb7bb40a7

SHA512
d85475be06e03318601369cec02d0adfecbd15c1685cefeea8853dbd72155129ac55e97172723833eaedc6153c50576f7ba5e49d44746f8bc97e3bd263ae96af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a980d1a03b6e5b8a730671f512d290b2

SHA1
739171d312a5678c6961989fd1e85bb2e6246567

SHA256
86ec26f626620362b347f7d999868e10dfdb9c45d5ceda80b8bdb3323b6ee91d

SHA512
2b174b1731026f7928bfdf2d9d03e7d778ed591c291684d429ce9437c6db1a721802423dc6c86dbe904573814f063b701d9cb9a1571712805c5209c560950ee8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
18539bfba3ca282e14ac9b9080f5b57b

SHA1
626a5586387464464b4498293ce73659e45e2be7

SHA256
85dfa6848be8d7deb823d69b719bd843d426ef4363abc3e6e2813968fe9f06a2

SHA512
139f22927861df2f4f277964cd518039541f54a1f889f1aea2416ba0dbea53cf395d34aefcbc177ecf87ee2a6fd4be1f56ddf3836cfcd1ef56aa1baa01865f39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d455bf4685336bbd299b8d963f5185e6

SHA1
515015ce95ef205a3ec7bdaff2ccf82d05e918d8

SHA256
e3111d9a8a98194fdc6c0f5fb0f0444a52913dd9d2d0dc1de0fa82b8eacf29e4

SHA512
57156d7599662a78956ec6d8d66fc4f479bfc72f96dbbba68e44bf72a7cace2aee8237f4530046a8796e4b291d1f4f43b60ea3cb3a563f05ee21c86cfd43d555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
537ebecdf4bc5ed73ccfb6967794df0f

SHA1
5c500ad00113236d3c5cb1647dbd32985fc54738

SHA256
3f8438c99d8446cccd2d522dd8d8c66cb63c3de0624859a3cefe7a1d748b8f9c

SHA512
7442014e7055ba13421f7dd5acde799a70aaadd8628e2acce4b3c701371afbcd294dd43e9de1f4e317e3b686906a9583ecae82b29e6f8a428056530497abcc88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d5fafc447d128d476ba78a23746fedbf

SHA1
af087e529ce404c7be06df45933427b59df389ab

SHA256
799d8c61e5c65ec9ab8968dad6bbb544833072527b888cf32158dce5c4b9e94b

SHA512
829a19cd03bc283e59ccf7c741f10be0d2303d56c2c17796a61a8ff487b4d9ba707719714c651c10335324f47d5f00866a01ee7a30870849ed373bc594dfd13c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5323c9b3f5f758ad7673b326e4650695

SHA1
5171b1e5a496dfd8ae5dd7cfabd4cadadf635db0

SHA256
97e18fe10050edb877260a5e064197147c618602b15ea875e334443fdd847f2d

SHA512
8c2a4f8ca80f7a69618b3aa1b5a0dada089373d59c0dde6240e79c259aa4677c284265430a729257540090ef3e386dc772b66bf41c54c17a188d6233fc37057f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
a5062895fde58361fd1003fafee293bb

SHA1
540c0c2142f8fc4aeacdd6423e7b2ca148846446

SHA256
550307e68a491285b4291bfec6c3b66f7689d79e831d628459ae09d44f5a89e0

SHA512
449caa2d2983da7a8f8a8671f407968cfcecc97f621921405271356b72817d5ee7b282bd7db3588823ea767e44966109f73a48f4eca688ef3fd028d989443150

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
e8d90eb96418457bb2fdc42a5ef087c5

SHA1
37ad40a13ce4e2d5059c9fe4466174121218e9e0

SHA256
57a1383d1c46ee4e508d70d2608b468f9d4021cbf4b8bbe896e47faa5e2e0f04

SHA512
bec137e6cf3f86b39a7e1086034e06fa2d0bdbbf9e079d77ab670869ce8ac5a707c973e6ba015a9c450b4a2661911ba7182b27146efe400cd4d8be5cb1e95175

Download Submit
memory/1008-1-0x00000216E8AD0000-0x00000216E8AEC000-memory.dmp

Filesize
112KB

Download
memory/1008-32-0x00007FF862800000-0x00007FF8632C2000-memory.dmp

Filesize
10.8MB

Download
memory/1008-4-0x00000216EB9A0000-0x00000216EBEC8000-memory.dmp

Filesize
5.2MB

Download
memory/1008-3-0x00007FF862800000-0x00007FF8632C2000-memory.dmp

Filesize
10.8MB

Download
memory/1008-2-0x00000216EB1A0000-0x00000216EB362000-memory.dmp

Filesize
1.8MB

Download
memory/1008-0-0x00007FF862803000-0x00007FF862805000-memory.dmp

Filesize
8KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads