Analysis
max time kernel: 92s
max time network: 94s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 17-12-2024 21:35
Static task: static1
General
Target: monk fish complete with background_LE_auto_x4_no_background.png
Size: 406KB
MD5: b3e6b9787924ad7ba9dd692908a1af43
SHA1: 45425326b3df108dbb9a81ff9f498dd74d14267c
SHA256: 781990bdb6e701d3f834a021f055e30dee58ceec62de77b77e2ed8ead4498ac0
SHA512: b69268b2706fc13c8f707911fa241fca1c545d5889fbe86cbd68318a3169aacbe780f322c109c8e61d9ed42633197da1db0d1c1683450378dde1113f78fd9582
SSDEEP: 12288:pP2yLkqbsEM/RaBGhyMyjYiiqrghZ6YKZ5bypmQ0EMA:pnLkqsEM/8B8lyjYiOP0ypf0tA
Malware Config

Signatures

Detects Eternity stealer (2 IoCs)
  resource | yara_rule
  behavioral1/files/0x00020000000226ed-621.dat | eternity_stealer
  behavioral1/memory/4520-623-0x0000000000040000-0x0000000000164000-memory.dmp | eternity_stealer

Eternity
  Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

Eternity family

Disables Task Manager via registry modification

A potential corporate email address has been identified in the URL: [email protected] (4 hits)

Executes dropped EXE (4 IoCs)
  pid | Process
  4520 | AJProxy.exe
  4628 | dcd.exe
  904 | AJProxy.exe
  4420 | dcd.exe
Reads user/profile data of web browsers (3 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.

Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).

System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | dcd.exe

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133789449511764141" | chrome.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid | Process
  4104 | chrome.exe
  4104 | chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs
Suspicious use of AdjustPrivilegeToken 64 IoCs
Suspicious use of FindShellTrayWindow 34 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes

C:\Windows\system32\cmd.exe (PID 664)
  command line: cmd /c "C:\Users\Admin\AppData\Local\Temp\monk fish complete with background_LE_auto_x4_no_background.png"

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4104)
  command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  signatures:
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
  children:
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4220)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff86847cc40,0x7ff86847cc4c,0x7ff86847cc58

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2656)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2020,i,7186997275533769690,12304187383529022968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2000 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2164)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1796,i,7186997275533769690,12304187383529022968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1696 /prefetch:3

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4736)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2260,i,7186997275533769690,12304187383529022968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2400 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 60)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,7186997275533769690,12304187383529022968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3140 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 856)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,7186997275533769690,12304187383529022968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 760)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4516,i,7186997275533769690,12304187383529022968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3712 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5012)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4348,i,7186997275533769690,12304187383529022968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4748 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2472)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4872,i,7186997275533769690,12304187383529022968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4880 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2936)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4952,i,7186997275533769690,12304187383529022968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5108 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3552)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4844,i,7186997275533769690,12304187383529022968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5172 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3388)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5088,i,7186997275533769690,12304187383529022968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5044 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4428)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5192,i,7186997275533769690,12304187383529022968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5084 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5068)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4876,i,7186997275533769690,12304187383529022968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5044 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1344)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5612,i,7186997275533769690,12304187383529022968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5604 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4860)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4740,i,7186997275533769690,12304187383529022968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5648 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4184)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3260,i,7186997275533769690,12304187383529022968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3220 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2944)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5468,i,7186997275533769690,12304187383529022968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3316 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4084)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5412,i,7186997275533769690,12304187383529022968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3256 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4076)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5688,i,7186997275533769690,12304187383529022968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5744 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4020)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5092,i,7186997275533769690,12304187383529022968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5288 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 508)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=3428,i,7186997275533769690,12304187383529022968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5080 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1516)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5756,i,7186997275533769690,12304187383529022968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5924 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4948)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5712,i,7186997275533769690,12304187383529022968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5480 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3424)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5384,i,7186997275533769690,12304187383529022968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5708 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 208)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5888,i,7186997275533769690,12304187383529022968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5968 /prefetch:8

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe (PID 544)
  command line: "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Windows\system32\svchost.exe (PID 636)
  command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Windows\System32\rundll32.exe (PID 2824)
  command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe (PID 4484)
  command line: "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\AJProxy\" -spe -an -ai#7zMap531:76:7zEvent29692
  signatures:
    - Suspicious use of FindShellTrayWindow

C:\Users\Admin\Downloads\AJProxy\AJProxy.exe (PID 4520)
  command line: "C:\Users\Admin\Downloads\AJProxy\AJProxy.exe"
  signatures:
    - Executes dropped EXE
  children:
    C:\Users\Admin\AppData\Local\Temp\dcd.exe (PID 4628)
      command line: "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
      signatures:
        - Executes dropped EXE
        - System Location Discovery: System Language Discovery

C:\Users\Admin\Downloads\AJProxy\AJProxy.exe (PID 904)
  command line: "C:\Users\Admin\Downloads\AJProxy\AJProxy.exe"
  signatures:
    - Executes dropped EXE
  children:
    C:\Users\Admin\AppData\Local\Temp\dcd.exe (PID 4420)
      command line: "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
      signatures:
        - Executes dropped EXE

Network

MITRE ATT&CK Enterprise v15
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (1)
    Credentials In Files (1)

Downloads