hxxp://Google[.]com

Resubmissions

25/03/2025, 20:32

250325-za94cawjy9 10

25/03/2025, 20:27

25/03/2025, 20:24

25/03/2025, 20:20

25/03/2025, 20:16

25/03/2025, 20:12

25/03/2025, 20:08

Analysis

max time kernel
224s
max time network
225s
platform
windows11-21h2_x64
resource
win11-20250314-en
resource tags

arch:x64arch:x86image:win11-20250314-enlocale:en-usos:windows11-21h2-x64system
submitted
25/03/2025, 20:12

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

http://Google.com

Score

6^/10

bootkit discovery persistence

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
30	raw.githubusercontent.com
63	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	Bromine.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bromine.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "177"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133874071569509085"	chrome.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Bromine.zip:Zone.Identifier	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5096	vlc.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
5112	chrome.exe
5112	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5096	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe
Token: SeShutdownPrivilege	3436	chrome.exe
Token: SeCreatePagefilePrivilege	3436	chrome.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
5096	vlc.exe
5096	vlc.exe
5096	vlc.exe
5096	vlc.exe
5096	vlc.exe
5096	vlc.exe
5096	vlc.exe
5096	vlc.exe
5096	vlc.exe
5096	vlc.exe

Suspicious use of SendNotifyMessage 21 IoCs

pid	Process
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
5096	vlc.exe
5096	vlc.exe
5096	vlc.exe
5096	vlc.exe
5096	vlc.exe
5096	vlc.exe
5096	vlc.exe
5096	vlc.exe
5096	vlc.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5096	vlc.exe
3184	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3436 wrote to memory of 3028	3436	chrome.exe	82
PID 3436 wrote to memory of 3028	3436	chrome.exe	82
PID 3436 wrote to memory of 2324	3436	chrome.exe	83
PID 3436 wrote to memory of 2324	3436	chrome.exe	83
PID 3436 wrote to memory of 5160	3436	chrome.exe	84
PID 3436 wrote to memory of 5160	3436	chrome.exe	84
PID 3436 wrote to memory of 5160	3436	chrome.exe	84
PID 3436 wrote to memory of 5160	3436	chrome.exe	84
PID 3436 wrote to memory of 5160	3436	chrome.exe	84
PID 3436 wrote to memory of 5160	3436	chrome.exe	84
PID 3436 wrote to memory of 5160	3436	chrome.exe	84
PID 3436 wrote to memory of 5160	3436	chrome.exe	84
PID 3436 wrote to memory of 5160	3436	chrome.exe	84
PID 3436 wrote to memory of 5160	3436	chrome.exe	84
PID 3436 wrote to memory of 5160	3436	chrome.exe	84
PID 3436 wrote to memory of 5160	3436	chrome.exe	84
PID 3436 wrote to memory of 5160	3436	chrome.exe	84
PID 3436 wrote to memory of 5160	3436	chrome.exe	84
PID 3436 wrote to memory of 5160	3436	chrome.exe	84
PID 3436 wrote to memory of 5160	3436	chrome.exe	84
PID 3436 wrote to memory of 5160	3436	chrome.exe	84
PID 3436 wrote to memory of 5160	3436	chrome.exe	84
PID 3436 wrote to memory of 5160	3436	chrome.exe	84
PID 3436 wrote to memory of 5160	3436	chrome.exe	84
PID 3436 wrote to memory of 5160	3436	chrome.exe	84
PID 3436 wrote to memory of 5160	3436	chrome.exe	84
PID 3436 wrote to memory of 5160	3436	chrome.exe	84
PID 3436 wrote to memory of 5160	3436	chrome.exe	84
PID 3436 wrote to memory of 5160	3436	chrome.exe	84
PID 3436 wrote to memory of 5160	3436	chrome.exe	84
PID 3436 wrote to memory of 5160	3436	chrome.exe	84
PID 3436 wrote to memory of 5160	3436	chrome.exe	84
PID 3436 wrote to memory of 5160	3436	chrome.exe	84
PID 3436 wrote to memory of 5160	3436	chrome.exe	84
PID 3436 wrote to memory of 5000	3436	chrome.exe	85
PID 3436 wrote to memory of 5000	3436	chrome.exe	85
PID 3436 wrote to memory of 5000	3436	chrome.exe	85
PID 3436 wrote to memory of 5000	3436	chrome.exe	85
PID 3436 wrote to memory of 5000	3436	chrome.exe	85
PID 3436 wrote to memory of 5000	3436	chrome.exe	85
PID 3436 wrote to memory of 5000	3436	chrome.exe	85
PID 3436 wrote to memory of 5000	3436	chrome.exe	85
PID 3436 wrote to memory of 5000	3436	chrome.exe	85
PID 3436 wrote to memory of 5000	3436	chrome.exe	85
PID 3436 wrote to memory of 5000	3436	chrome.exe	85
PID 3436 wrote to memory of 5000	3436	chrome.exe	85
PID 3436 wrote to memory of 5000	3436	chrome.exe	85
PID 3436 wrote to memory of 5000	3436	chrome.exe	85
PID 3436 wrote to memory of 5000	3436	chrome.exe	85
PID 3436 wrote to memory of 5000	3436	chrome.exe	85
PID 3436 wrote to memory of 5000	3436	chrome.exe	85
PID 3436 wrote to memory of 5000	3436	chrome.exe	85
PID 3436 wrote to memory of 5000	3436	chrome.exe	85
PID 3436 wrote to memory of 5000	3436	chrome.exe	85
PID 3436 wrote to memory of 5000	3436	chrome.exe	85
PID 3436 wrote to memory of 5000	3436	chrome.exe	85
PID 3436 wrote to memory of 5000	3436	chrome.exe	85
PID 3436 wrote to memory of 5000	3436	chrome.exe	85
PID 3436 wrote to memory of 5000	3436	chrome.exe	85
PID 3436 wrote to memory of 5000	3436	chrome.exe	85
PID 3436 wrote to memory of 5000	3436	chrome.exe	85
PID 3436 wrote to memory of 5000	3436	chrome.exe	85
PID 3436 wrote to memory of 5000	3436	chrome.exe	85
PID 3436 wrote to memory of 5000	3436	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://Google.com
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa93fcdcf8,0x7ffa93fcdd04,0x7ffa93fcdd10
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1428,i,13991486031201216076,3543901552173926658,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=2084 /prefetch:11
  2⤵
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2044,i,13991486031201216076,3543901552173926658,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:5160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2368,i,13991486031201216076,3543901552173926658,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=2384 /prefetch:13
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,13991486031201216076,3543901552173926658,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3088 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3096,i,13991486031201216076,3543901552173926658,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4176,i,13991486031201216076,3543901552173926658,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4208 /prefetch:9
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4152,i,13991486031201216076,3543901552173926658,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5144,i,13991486031201216076,3543901552173926658,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5156 /prefetch:14
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=212,i,13991486031201216076,3543901552173926658,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5488 /prefetch:14
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5504,i,13991486031201216076,3543901552173926658,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5468 /prefetch:14
  2⤵
  PID:5396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5500,i,13991486031201216076,3543901552173926658,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5408 /prefetch:14
  2⤵
  PID:932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5416,i,13991486031201216076,3543901552173926658,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4212 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5540,i,13991486031201216076,3543901552173926658,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5492 /prefetch:14
  2⤵
  - NTFS ADS
  PID:5544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5524,i,13991486031201216076,3543901552173926658,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5556 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=2816,i,13991486031201216076,3543901552173926658,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5336 /prefetch:14
  2⤵
  PID:3980

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:2148

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5336

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:728

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Temp1_Bromine.zip\last.wav"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5096

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004C8
1⤵
PID:5604

C:\Users\Admin\Downloads\Bromine\Bromine.exe
"C:\Users\Admin\Downloads\Bromine\Bromine.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
PID:3500

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39c9855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:3184

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
1⤵
PID:4824

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
1⤵
PID:2688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2a5d054f-c4ec-42f4-84fa-c00e40ab12d7.tmp

Filesize
649B

MD5
7ea8461644a26b613b6a882308a32338

SHA1
b50458d598fcefcd69ce16826eef1ee21bf5b9b9

SHA256
f573e5579f76972abf065851285018f793b170368a4a6d8288f84cfd059fc413

SHA512
5c284130bce270574a38528edec910f28dd534ec8ee05a18676834e1fac36d21003fc473e4a3cac8d461b46e12beb856ad38e65d86a0770b881610c2cdabe066

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
db15901c434272fe725f7a2d1d8eb287

SHA1
199c84fba957f4048368e4775995487c1816bdea

SHA256
e532e900ca303d6e84546073cc821bd48c7a541eb95acfc0d477ca0b088821d9

SHA512
5a8c72706bd11899a6959e99f6998037c53a9f778b8b85db0f06595e68b5dc1b8ec6e0d76b52132a8dcaa1351b83b25771306eb881408c7fd8c404ec319fa5da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
febcc154d0d408401e883d1b020461bc

SHA1
8fb51bb86ef36cfa670bab859f13d8d1f95e3a90

SHA256
0c00b2535f0c8f2bd47ca0bc2af873ffa0be2ef0575bea6c86761b431946fe18

SHA512
15df9fabfa3944402f46662f35153d1b337aea06eb899a6ffd440db8375c6e66ec11837fc6e778c89d2ee23dd7e17ba09e2dd0a469161aab8f67aebe40ee5179

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1fb5b4563609d4cf548bd194c3283f93

SHA1
45e31074f5ae56e4d90d29df28b3a8f979bc2c38

SHA256
d15f4da2a9869230c21c6a5fe034c0a8fd5188eb57029bf197301d05c481d641

SHA512
62e3cc2c7bcf900ea924e9b50d9fb9d15089739ce97a3cce83812bee0f24e8acb53d24f4eb59ea9c7715857a478a63fd4fe541a4fa064525def9b0ba477c26c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
efc755a740a02c7263332930f1e3584e

SHA1
585c8d2b8563d711b06132c3c6dd891c36d5d7a9

SHA256
f865d291465554910c215cf173ed954074a9213633628dbda8f403e48251b87f

SHA512
f5fa0070b9e255d0503340b46851bf782b6f922451c52786e612d1e09aee8cba481987f04464de56075c48631038e15e47010e748c865b328968fefb78f22e45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
5d2de45c8da53dfdeee9f0da42bc9b38

SHA1
8ec80e29c92d5675e25a598cb6e6a82662ee2cee

SHA256
e2de50652fd1a23e99f6db37e9a35acdd263f644fe4a2d971093ba741c9b2f3c

SHA512
9f31818a23f3f38706e85c83b7a78c46b431b601a4813138ca0fb975e93a9f9601a593203474f23ccdf157464de3c67a0cfd520d8a57df3f77123f1aa97513cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d5fdfee4869adc2db2b79c486f7b9c58

SHA1
e1dac4b2e878fd31d08df30d07a09b9c7d93c5fd

SHA256
6568fc9ab34f146f93993765ba52111e55c7fe26643608a8b2faa946921c8d4e

SHA512
c062669a22c76735ea591ad35abbb6e46bf4a4f42122b20ae568ebf3e84acb52ad14b8c40282c9d167f36af4cb30febfae4ab1067dce7ca271299aedeec2c698

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
23990fb76ec7b2fbe92a3e3c79514d03

SHA1
34819547f975601e22e77f4359910c40624a9815

SHA256
96c0f5bba70b8c07d4d3708ca463ff8d624f2e779278141864818311cdf7e93c

SHA512
bae871e9737c532ed3eaa0d8615957558531677e943a2d6cfc4bda98b7a4f8eca4b3939012fb3fe7ca3a39ca944a33ca927bea259b3bac3d706a0716f54015f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f4b3a1601ca05b05bc0a0fe72be51213

SHA1
232b77a53bcd38b26e809be7c5abf42991e57b4a

SHA256
af52a62b4fcdcbc62bf84f54264aa813b9a80a31126b0c74b2fa36a070614293

SHA512
48d88c131b7b46f07cc269d7b6ff6d5ebd22312dad1c05bc4aee020abbeeebdac6fd07d0f45d3ed3d8395ef4038c77c8b1a33c40b0b1a21355dac7957e2e1e4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
99d6d0eae74cb2824aa8f87356161028

SHA1
2621b46d0955111302cdf58e862208289f144918

SHA256
3522af0d3ad39158d63271cc4929fcb8bd19932153f0198ce8586563ab280c66

SHA512
679de4f94de60075b99a46fc991ba5eb736a8ca836eb45e807c8a726a3f22b0925c450e3186cc7ed227517d99ed04fd1eaf5ee5766bf9366e07548e27ff28e98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a3004d49ad1c014e835bfe1fb48d22a9

SHA1
e200af02d905f4a87ea09422c394d1196692318e

SHA256
33690b185a48e63e88b20c4d05008228cfc214fe4905bde909156ad56ca36b5f

SHA512
a0accf4b3b2c8cfb5a7df28636d217e0d693dc0fa69bc0abc6895c0c76d4d79fc5a24f63929d1e119df002fdc8b1e735f23d90c12dce5f8cdac19d394f8886b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
28a8ed262da871b8e325969501f09c7d

SHA1
83eb2054cd78f02dee137f22f813d96794619ec6

SHA256
f499e7e590e8bec1dfd57b7ab340df4536681bd0a11037a6c6cc5116ea434792

SHA512
a175c7499eaf9c8d755f16d5c58efdb0180e95084bddb3a3beb114b8e39aea072fa32513e5ac30c28cff62401f17c009c88511327bfbf2982300530fffdb1126

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
0c4ee74392bcb9c2651fb89da5d6ea38

SHA1
3b0c059f0763113bc1f02ff5dcbc7ab421b9bb30

SHA256
271186f51c93e49b8e397d63570f77ed64355ad873c825457f56c4be696da869

SHA512
0c69717b1882b08f112a904faf5b582497a6ba83dceeb00e15c8522c1557dc55e25ee27713984c27e49a24c9d84606c6cb4edd41168ee16587e07a3402257080

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
39118972bc6cd265cbcd5eafabdb5c92

SHA1
9ca172ec708586bc74b724f6eebdbfafb99d442b

SHA256
74eee9b68f92742dffff47459db42c7e22193b0851f4c1fe3e6196f0fc4d5208

SHA512
4ed442ce8649e9eb53811d1f3c0ae51581a08607b88ca50fc6a295542a91c3914eee89ac80eef0b9273729ecaa523f0bdc24ec0a12cb9a0ad164268b086aa436

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57cb01.TMP

Filesize
48B

MD5
23c0d7ecf3c8a6d4a14843b0b81d5ec4

SHA1
6ba57c366af4fd82579932930edee35f9705a822

SHA256
8e44df9937f5f120cf52c8de4674681d668fea08c31a4a9c81a313fa88893ef1

SHA512
a0c77ed5fe6d4866f04ad209d6e7c7435220045b9912cc9e113f1bce3e5e14abff1855e1501afe79dd4b380a0ab632fb9a17883ab197a1cbf41c595e88a3aee2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
442a15261da1e55a0aaad0c7e52a8cbb

SHA1
bc12d9cb4e7e6fb8ed52316994fb3e8b941ed709

SHA256
147ebd19628788ee0c4a05f6d9e8059d58aada96afd8f827020f50f1874cc612

SHA512
850c053fff4ee6e125b73e1883e54b5b6574dbfba664e221f9b77360173c8450cc6a15da9e608e85e566823701a465b18294120445a845639b9b788dd5a88ba2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
2baf5320ef44e1dc224cd4660866b8ad

SHA1
3f8d31110188fe7132cbab670e607934ff017392

SHA256
b0f124a9f3c35434dd337f6b291469eb119900b25d4b91b18233f726783b513c

SHA512
9b52195bc31e6b5fd0c0cbf9a47605e8f42cc97ade31551935d510520fcdf0679d4ca030eea6a41d5ab3f03cdd04b7b85b4f92b5dd4eabd54dd2e71c352bfe82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
c086c8ec75612bbf4129980598b0346e

SHA1
48d8a9ed9736bcd9de2c7acbbc0f6880d1edc43b

SHA256
5f08e89be16ae6eb6225a8fff1b31f17d5d62aa02ff3fcbf1f41e0caa8d60a7c

SHA512
4ab95abffeec9a2c8110cc7d178bb2c41c8621767b9f94b1f1047889ca4448941862ad92c17f8a151b43d689ee1629ece2dbb4f6d2f53c4974d7407010c205e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
3734a483e5e8d65fb850161a5b71f1ee

SHA1
4b83a52c7e9c9dc6ec72b22c9bf7d71de37d896e

SHA256
394f1ff75b560b6c0caeb8eb47e50e98130a4f76aecee601a767aa0aab74522e

SHA512
a81b6d793b8f5a33d2e179beb5edd52e3078909a5df5c27dd93e7e163c76dd87dfe4267c7c1049c8e4d2021a9a32948c64ba9e418d85c6a888d8da26cc6177a6

Download Submit
C:\Users\Admin\Downloads\Bromine.zip

Filesize
1.1MB

MD5
9eb092da74453fb30dd4baf25d038fc0

SHA1
c2eaab9115929f841f1c60a641a1987d04ada92e

SHA256
471ffe0849ddef6a32aa39d2f3045da9d4a28e27bedf5d0793008d633ee97983

SHA512
e3aba3d9aac0f872efb721adad85f8376e3b5039de4620e886e01a50d6f248d5fdb7b5b186eaa9142157b6da482779c983690a3467ecdee98fbf76ff809afd44

Download Submit
memory/3500-571-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/5096-567-0x00007FF656CE0000-0x00007FF656DD8000-memory.dmp

Filesize
992KB

Download
memory/5096-568-0x00007FFA9D0C0000-0x00007FFA9D0F4000-memory.dmp

Filesize
208KB

Download
memory/5096-569-0x00007FFA70140000-0x00007FFA703F6000-memory.dmp

Filesize
2.7MB

Download
memory/5096-570-0x00007FFA6EB90000-0x00007FFA6FC40000-memory.dmp

Filesize
16.7MB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads