hxxp://Google[.]com

max time kernel
126s
max time network
127s
platform
windows11-21h2_x64
resource
win11-20250314-en
resource tags

arch:x64arch:x86image:win11-20250314-enlocale:en-usos:windows11-21h2-x64system
submitted
25/03/2025, 03:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://Google.com

Score

6^/10

bootkit discovery persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	Bromine.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bromine.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133873478633554391"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\BromineTrojan-main.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5136	chrome.exe
5136	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5608	chrome.exe
Token: SeCreatePagefilePrivilege	5608	chrome.exe
Token: SeShutdownPrivilege	5608	chrome.exe
Token: SeCreatePagefilePrivilege	5608	chrome.exe
Token: SeShutdownPrivilege	5608	chrome.exe
Token: SeCreatePagefilePrivilege	5608	chrome.exe
Token: SeShutdownPrivilege	5608	chrome.exe
Token: SeCreatePagefilePrivilege	5608	chrome.exe
Token: SeShutdownPrivilege	5608	chrome.exe
Token: SeCreatePagefilePrivilege	5608	chrome.exe
Token: SeShutdownPrivilege	5608	chrome.exe
Token: SeCreatePagefilePrivilege	5608	chrome.exe
Token: SeShutdownPrivilege	5608	chrome.exe
Token: SeCreatePagefilePrivilege	5608	chrome.exe
Token: SeShutdownPrivilege	5608	chrome.exe
Token: SeCreatePagefilePrivilege	5608	chrome.exe
Token: SeShutdownPrivilege	5608	chrome.exe
Token: SeCreatePagefilePrivilege	5608	chrome.exe
Token: SeShutdownPrivilege	5608	chrome.exe
Token: SeCreatePagefilePrivilege	5608	chrome.exe
Token: SeShutdownPrivilege	5608	chrome.exe
Token: SeCreatePagefilePrivilege	5608	chrome.exe
Token: SeShutdownPrivilege	5608	chrome.exe
Token: SeCreatePagefilePrivilege	5608	chrome.exe
Token: SeShutdownPrivilege	5608	chrome.exe
Token: SeCreatePagefilePrivilege	5608	chrome.exe
Token: SeShutdownPrivilege	5608	chrome.exe
Token: SeCreatePagefilePrivilege	5608	chrome.exe
Token: SeShutdownPrivilege	5608	chrome.exe
Token: SeCreatePagefilePrivilege	5608	chrome.exe
Token: SeShutdownPrivilege	5608	chrome.exe
Token: SeCreatePagefilePrivilege	5608	chrome.exe
Token: SeShutdownPrivilege	5608	chrome.exe
Token: SeCreatePagefilePrivilege	5608	chrome.exe
Token: SeShutdownPrivilege	5608	chrome.exe
Token: SeCreatePagefilePrivilege	5608	chrome.exe
Token: SeShutdownPrivilege	5608	chrome.exe
Token: SeCreatePagefilePrivilege	5608	chrome.exe
Token: SeShutdownPrivilege	5608	chrome.exe
Token: SeCreatePagefilePrivilege	5608	chrome.exe
Token: SeShutdownPrivilege	5608	chrome.exe
Token: SeCreatePagefilePrivilege	5608	chrome.exe
Token: SeShutdownPrivilege	5608	chrome.exe
Token: SeCreatePagefilePrivilege	5608	chrome.exe
Token: SeShutdownPrivilege	5608	chrome.exe
Token: SeCreatePagefilePrivilege	5608	chrome.exe
Token: SeShutdownPrivilege	5608	chrome.exe
Token: SeCreatePagefilePrivilege	5608	chrome.exe
Token: SeShutdownPrivilege	5608	chrome.exe
Token: SeCreatePagefilePrivilege	5608	chrome.exe
Token: SeShutdownPrivilege	5608	chrome.exe
Token: SeCreatePagefilePrivilege	5608	chrome.exe
Token: SeShutdownPrivilege	5608	chrome.exe
Token: SeCreatePagefilePrivilege	5608	chrome.exe
Token: SeShutdownPrivilege	5608	chrome.exe
Token: SeCreatePagefilePrivilege	5608	chrome.exe
Token: SeShutdownPrivilege	5608	chrome.exe
Token: SeCreatePagefilePrivilege	5608	chrome.exe
Token: SeShutdownPrivilege	5608	chrome.exe
Token: SeCreatePagefilePrivilege	5608	chrome.exe
Token: SeShutdownPrivilege	5608	chrome.exe
Token: SeCreatePagefilePrivilege	5608	chrome.exe
Token: SeShutdownPrivilege	5608	chrome.exe
Token: SeCreatePagefilePrivilege	5608	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe
5608	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1524	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5608 wrote to memory of 5412	5608	chrome.exe	78
PID 5608 wrote to memory of 5412	5608	chrome.exe	78
PID 5608 wrote to memory of 3524	5608	chrome.exe	79
PID 5608 wrote to memory of 3524	5608	chrome.exe	79
PID 5608 wrote to memory of 3524	5608	chrome.exe	79
PID 5608 wrote to memory of 3524	5608	chrome.exe	79
PID 5608 wrote to memory of 3524	5608	chrome.exe	79
PID 5608 wrote to memory of 3524	5608	chrome.exe	79
PID 5608 wrote to memory of 3524	5608	chrome.exe	79
PID 5608 wrote to memory of 3524	5608	chrome.exe	79
PID 5608 wrote to memory of 3524	5608	chrome.exe	79
PID 5608 wrote to memory of 3524	5608	chrome.exe	79
PID 5608 wrote to memory of 3524	5608	chrome.exe	79
PID 5608 wrote to memory of 3524	5608	chrome.exe	79
PID 5608 wrote to memory of 3524	5608	chrome.exe	79
PID 5608 wrote to memory of 3524	5608	chrome.exe	79
PID 5608 wrote to memory of 3524	5608	chrome.exe	79
PID 5608 wrote to memory of 3524	5608	chrome.exe	79
PID 5608 wrote to memory of 3524	5608	chrome.exe	79
PID 5608 wrote to memory of 3524	5608	chrome.exe	79
PID 5608 wrote to memory of 3524	5608	chrome.exe	79
PID 5608 wrote to memory of 3524	5608	chrome.exe	79
PID 5608 wrote to memory of 3524	5608	chrome.exe	79
PID 5608 wrote to memory of 3524	5608	chrome.exe	79
PID 5608 wrote to memory of 3524	5608	chrome.exe	79
PID 5608 wrote to memory of 3524	5608	chrome.exe	79
PID 5608 wrote to memory of 3524	5608	chrome.exe	79
PID 5608 wrote to memory of 3524	5608	chrome.exe	79
PID 5608 wrote to memory of 3524	5608	chrome.exe	79
PID 5608 wrote to memory of 3524	5608	chrome.exe	79
PID 5608 wrote to memory of 3524	5608	chrome.exe	79
PID 5608 wrote to memory of 3524	5608	chrome.exe	79
PID 5608 wrote to memory of 4560	5608	chrome.exe	80
PID 5608 wrote to memory of 4560	5608	chrome.exe	80
PID 5608 wrote to memory of 4932	5608	chrome.exe	81
PID 5608 wrote to memory of 4932	5608	chrome.exe	81
PID 5608 wrote to memory of 4932	5608	chrome.exe	81
PID 5608 wrote to memory of 4932	5608	chrome.exe	81
PID 5608 wrote to memory of 4932	5608	chrome.exe	81
PID 5608 wrote to memory of 4932	5608	chrome.exe	81
PID 5608 wrote to memory of 4932	5608	chrome.exe	81
PID 5608 wrote to memory of 4932	5608	chrome.exe	81
PID 5608 wrote to memory of 4932	5608	chrome.exe	81
PID 5608 wrote to memory of 4932	5608	chrome.exe	81
PID 5608 wrote to memory of 4932	5608	chrome.exe	81
PID 5608 wrote to memory of 4932	5608	chrome.exe	81
PID 5608 wrote to memory of 4932	5608	chrome.exe	81
PID 5608 wrote to memory of 4932	5608	chrome.exe	81
PID 5608 wrote to memory of 4932	5608	chrome.exe	81
PID 5608 wrote to memory of 4932	5608	chrome.exe	81
PID 5608 wrote to memory of 4932	5608	chrome.exe	81
PID 5608 wrote to memory of 4932	5608	chrome.exe	81
PID 5608 wrote to memory of 4932	5608	chrome.exe	81
PID 5608 wrote to memory of 4932	5608	chrome.exe	81
PID 5608 wrote to memory of 4932	5608	chrome.exe	81
PID 5608 wrote to memory of 4932	5608	chrome.exe	81
PID 5608 wrote to memory of 4932	5608	chrome.exe	81
PID 5608 wrote to memory of 4932	5608	chrome.exe	81
PID 5608 wrote to memory of 4932	5608	chrome.exe	81
PID 5608 wrote to memory of 4932	5608	chrome.exe	81
PID 5608 wrote to memory of 4932	5608	chrome.exe	81
PID 5608 wrote to memory of 4932	5608	chrome.exe	81
PID 5608 wrote to memory of 4932	5608	chrome.exe	81
PID 5608 wrote to memory of 4932	5608	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://Google.com
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1893dcf8,0x7ffa1893dd04,0x7ffa1893dd10
  2⤵
  PID:5412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1932,i,6820205349933679131,10402137629104924705,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:3524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2024,i,6820205349933679131,10402137629104924705,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=2132 /prefetch:11
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2260,i,6820205349933679131,10402137629104924705,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=2184 /prefetch:13
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3044,i,6820205349933679131,10402137629104924705,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:6024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3028,i,6820205349933679131,10402137629104924705,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4156,i,6820205349933679131,10402137629104924705,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4132 /prefetch:9
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4136,i,6820205349933679131,10402137629104924705,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5124,i,6820205349933679131,10402137629104924705,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5140 /prefetch:14
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5388,i,6820205349933679131,10402137629104924705,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=2300 /prefetch:1
  2⤵
  PID:684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=212,i,6820205349933679131,10402137629104924705,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5484 /prefetch:14
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5632,i,6820205349933679131,10402137629104924705,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5604 /prefetch:14
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5620,i,6820205349933679131,10402137629104924705,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5624 /prefetch:14
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4132,i,6820205349933679131,10402137629104924705,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5844,i,6820205349933679131,10402137629104924705,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5856 /prefetch:14
  2⤵
  - NTFS ADS
  PID:6024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5416,i,6820205349933679131,10402137629104924705,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5556 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5136

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:5652

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5588

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1524

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6104

C:\Users\Admin\Downloads\BromineTrojan-main\BromineTrojan-main\Bromine.exe
"C:\Users\Admin\Downloads\BromineTrojan-main\BromineTrojan-main\Bromine.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
PID:3488

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004E8
1⤵
PID:5360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
be2dbdd202b484d3632e121c34c65d8c

SHA1
526c2a7aef7c6be5ba344225cfbff0d2e3e63ce6

SHA256
a65c61700fb785c2786774bcf3249a0394bed22c2dc51e9268f966dc265c4211

SHA512
3c71cab11ab905bfc761201b68d35729de6478dc68dce5292fff7b554949373676d8ccd7d84e263cda599a191d7d2d9c6189d93e5e93679b4d2fefc1661f2ad9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
dd88fdade6018b1f3ec58ba926761b50

SHA1
42713e564ae5a7187de068f279dbbb95a6525009

SHA256
740f2e0d7040ceec0f5c42ef3f3912abd6d98a160364eed18045d0ee173d6a82

SHA512
6dfd1026681e198f36b5fd548ae00183fc4e75c9e47abdfc9218f438508ccb7533faae626e6677a16b2056135529f4fae7876b3b7dd7a06ac915b8a18fc9771c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
8fdf81e3ee215ee269411067fcde9aff

SHA1
9f20d133adff5cc4094db93056ac9ecc6ee36823

SHA256
688a4af611d4f6da0ed6d73d6f76d1a030bf495b7e92efbee84a853284986f36

SHA512
b6d63ec9abdacafa89a283c8a097c3bc065eacdfef030daad0b0a41ad6b5ad4a49e3e700a14d255cbdfa52b4399a1e7562203fbe4592f002d86d51906f4f92f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0b8a3a35b81dc8f2a23885995d7f6f31

SHA1
62cdf054b1274cc744647630fc2e259748f41080

SHA256
d0faedbf162a86759c3885e2ea282df07beca7377c59acb326d5e2ebd64aee12

SHA512
5b5e68fcaaed645b7bc5e35368747ec0b4943241b16c93dcac382451ad0c21806b7a2cc51c8283bd5ca8d8f8cd46d4935347552948ef8fa9ea5331d2cd02374b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9993c62fb013af915d4095e588c1bf98

SHA1
49eb126533974d0746bae0b2dd8c43bc205cfa4c

SHA256
13f691df9c382eda09a71aaf410cdb570f544cc52f8341699a0c84648a46a604

SHA512
ade34988754ee7e7d3f8f43ef70f778bf671281d2a66e27476bf816cf7b9347542ac5a2e8f762cccabf0f42c92b1dbfe1d1ec84b11d6e3d7976f74615392ecca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7ba38c1cb61f12d7da1f5bf3181bb65a

SHA1
68c6703046a377650923a787680e6da3a917a376

SHA256
633af3d304ccc421ee2996b8fe772a0f1f7d85c66348781e4351d2412330e3fb

SHA512
6779ff9c29bfcee2628460a8e96187ad37673c50c602cbe9002d0f8b581cc386102c59f5ee65518c0edd560da74b58d1ef029a87a1a83396eda29648e28ac68e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
0c4ee74392bcb9c2651fb89da5d6ea38

SHA1
3b0c059f0763113bc1f02ff5dcbc7ab421b9bb30

SHA256
271186f51c93e49b8e397d63570f77ed64355ad873c825457f56c4be696da869

SHA512
0c69717b1882b08f112a904faf5b582497a6ba83dceeb00e15c8522c1557dc55e25ee27713984c27e49a24c9d84606c6cb4edd41168ee16587e07a3402257080

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
31387ffb7eb16c10671a5daad5470739

SHA1
941f06ac95fb59936ef93f02b13616c0d1492660

SHA256
6bfeceb685d052a3bb562a977391212c744e5c36f1946d7c9e52ce4505a80732

SHA512
a325eb77db462048c157a5c87a2e6bf2e9097440591ccd86d295904f4a881410f9b550227ad09a4b52b9ec2750e0b08f2d62b8236b27f65c8da8573b39993772

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c63e.TMP

Filesize
48B

MD5
db3f3690cbb8b6dee7f94579391e2222

SHA1
cb3be2f9291018283720cf8c0bc4382b28e4ae36

SHA256
673a539d95b16bedbe4137cc287947ca590c836b1cabe1805b8442ae99ff43a7

SHA512
6658c4a684b9a837b6377abb641a1c471cc45a15e4d73dbfd0527c217f633996937fcf7b09f79a01fceacf7857694cfd71ec62a31c129069461ae3c94165e696

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
76B

MD5
a7a2f6dbe4e14a9267f786d0d5e06097

SHA1
5513aebb0bda58551acacbfc338d903316851a7b

SHA256
dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc

SHA512
aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe57bfe5.TMP

Filesize
140B

MD5
5aa1a49050b5ab974015aaa7fdd12f19

SHA1
ede894c8c54b58250fd53d579fda79f541743ccb

SHA256
13f25b65a2233f8c76a066471312e94ef3f8da27567f22e35befcb2737313162

SHA512
4fb92e0a5b7d7ff3e1042f044c9a4400c61e2ee99e752433c47c659d6de70f2fedbfa0d5abda239b9ac85c672883d2bd17d7afd4b639bb9d9c752049cb707f4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
6f38787c23d01b066b7cd27ed8071591

SHA1
18661166415dc5017c53a098cf5751a26d39bd2d

SHA256
4757932a722ca2303419366a61f537e754bb21bb7a6ab24f883f3f7860c678f8

SHA512
3d6154d7d4ca3b7bbb118ab1ea1ac4a69d6c1fa6c48a813eb9286845802dc5317ca389c35135ed9e53184423b5053a63cd19e813049b6cd8d18e46d391c0f0f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
29f1ec78fc42626abb63cacc295df422

SHA1
59d224fba1529430746b9850c2be08d5ed0ceb80

SHA256
0143dce8250441d514daf2cbf0cc1cc2729885a40bed19715fc17e154f5c57ba

SHA512
42bede6ff85e650c016acff62d787d43699f78782856ebc182b072f510489bfaab1a6c0147f29d6ea826f05b96127a8b6e491fb2bad80cefa6a6c7a5f182dee7

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
23KB

MD5
e4502e12eddb65147ccb0c39021d5c54

SHA1
e0c340c26168e569ed1b09955e386922b9c76fc0

SHA256
ca1d08100dade9a95b1f93a37ac07587d9dca6866a8cb87436aadd5d29c86d6c

SHA512
9619f8745eaa0f18f6372258d3e7e068c0347fb1effa578bff7d173d6ee49507610316036c712834f8e336a01e95ba8d6ba8270ae1a439481877cc37b51405fd

Download Submit
C:\Users\Admin\Downloads\BromineTrojan-main.zip.crdownload

Filesize
2.4MB

MD5
8b0bc436cce3ca47dbfd3ed067ee16fd

SHA1
fcf110792f5095d16b34ff1cb3ad70981ca4ed25

SHA256
5be4d59fe82a0c086520c44adfb1e07dbe186a229373833bd382ab251a4294aa

SHA512
dc33b7ff7c9b3fde7e29a8079dfb949f7d2a2ee32c865ae36e499e159fac1bbe62fc7cd91c9daba154bc8a25695ded2098d91cd132dc4437e3ed0504c41f5d50

Download Submit
C:\Users\Admin\Downloads\BromineTrojan-main.zip:Zone.Identifier

Filesize
84B

MD5
08998f6ee6042925224d1696d1084568

SHA1
35b1b10578d0e4f010ae0033c0e6698cafaa5406

SHA256
6b940dafc0cc416ac606dff7ed416102877c1e6c077de53b99f2fa8d8e5a238b

SHA512
2f56636037c19fedd53a6e74ac0c9010206d7de8dac9d5f1d3a352dd848a2c9238e5889d95f2babaf6be4abd81d3965a914405960dda044ad3c8a42739a4511a

Download Submit
memory/3488-556-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download